CVE-2023-44391

MEDIUM5.3EPSS 0.28%

Prevent unauthorized access to summary details in Discourse

Published: 3/6/2024Modified: 11/6/2025

Description

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected packages (1)

Bitnami/discoursefrom 0, <= 3.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-44391