← Back to CVEs

CVE-2024-28242

MEDIUM

5.3

Description

Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/15/2024

Last Modified9/26/2025

Sourcenvd

Honeypot Sightings0

Affected Products

discourse:discourse

Weaknesses (CWE)

CWE-200

References

https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39(security-advisories@github.com)

https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23(security-advisories@github.com)

https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.