CVE-2023-45131

HIGH

Discourse < 3.1.1 - Information Disclosure

Title source: rule

Description

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (2)

exploitdb WORKING POC

by İbrahimsql · rubywebappsmultiple

https://www.exploit-db.com/exploits/52375

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by ibrahmsql · poc

https://github.com/ibrahmsql/CVE-2023-45131

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6

Scores

CVSS v3 7.5

EPSS 0.0739

EPSS Percentile 91.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

discourse/discourse 3.2.0 beta1

discourse/discourse < 3.1.1

Published Oct 16, 2023

Tracked Since Feb 18, 2026