CVE-2023-23622

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.

CVSS

No CVSS.

References

Link	Resource
https://github.com/discourse/discourse/pull/20004
https://github.com/discourse/discourse/pull/20005
https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f
https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795

Advertisement

Configurations

No configuration.

Information

Published : 2023-03-17 08:15

Updated : 2023-03-17 08:44

NVD link : CVE-2023-23622

Mitre link : CVE-2023-23622

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

No product.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/discourse/discourse/pull/20004", "name": "https://github.com/discourse/discourse/pull/20004", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/discourse/discourse/pull/20005", "name": "https://github.com/discourse/discourse/pull/20005", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164", "name": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f", "name": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-23622", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2023-03-17T15:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-17T15:44Z"}