Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse vulnerable to exposure of number of topics recently created in private categories
Vulnerability Description
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
信息暴露
Vulnerability Title
Discourse 信息泄露漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.0.3 stable及之前版本、3.1.0.beta5之前版本存在信息泄露漏洞,攻击者利用该漏洞可以使用新主题关闭端点来显示他们无权访问的类最近创建的主题数量。
CVSS Information
N/A
Vulnerability Type
N/A