CVE-2023-32301

LOW

Discourse <3.0.4-3.1.0.beta5 - Info Disclosure

Title source: llm

Description

Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.

References (1)

[Vendor Advisory] https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4

Scores

CVSS v3 3.1

EPSS 0.0021

EPSS Percentile 42.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-116

Status published

Products (2)

discourse/discourse 3.1.0 beta1 (4 CPE variants)

discourse/discourse < 3.0.4

Published Jun 13, 2023

Tracked Since Feb 18, 2026