CVE-2024-53994

MEDIUM

Discourse - Info Disclosure

Title source: llm

Description

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.

References (1)

[Third Party Advisory] https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6

Scores

CVSS v3 4.3

EPSS 0.0022

EPSS Percentile 44.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-281

Status published

Products (3)

discourse/discourse 3.4.0 beta1 (3 CPE variants)

discourse/discourse < 3.3.3

discourse/discourse < 3.4.0

Published Feb 04, 2025

Tracked Since Feb 18, 2026