← Zuruck zu CVEs
CVE-2024-28242
MEDIUM5.3
Beschreibung
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/15/2024
Zuletzt geandert9/26/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
discourse:discourse
Schwachen (CWE)
CWE-200
Referenzen
https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39(security-advisories@github.com)
https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23(security-advisories@github.com)
https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.