cvelistv5 - cve-2023-49099

cve-2023-49099

Vulnerability from cvelistv5

Published

2024-01-12 20:53

Modified

2024-08-02 21:46

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

References

URL	Tags
security-advisories@github.com	https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53	Patch
security-advisories@github.com	https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

discourse

Version: < 3.1.4
Version: >= 3.2.0beta1, < 3.2.0.beta4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4"
          },
          {
            "name": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "discourse",
          "vendor": "discourse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2.0beta1, \u003c 3.2.0.beta4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T20:53:53.163Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4"
        },
        {
          "name": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53"
        }
      ],
      "source": {
        "advisory": "GHSA-j67x-x6mq-pwv4",
        "discovery": "UNKNOWN"
      },
      "title": "Discourse secure uploads accessible to guests even when login is required"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49099",
    "datePublished": "2024-01-12T20:53:53.163Z",
    "dateReserved": "2023-11-21T18:57:30.430Z",
    "dateUpdated": "2024-08-02T21:46:29.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-49099\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-12T21:15:09.747\",\"lastModified\":\"2024-11-21T08:32:49.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.\"},{\"lang\":\"es\",\"value\":\"Discourse es una plataforma para la discusi\u00f3n comunitaria. En circunstancias muy espec\u00edficas, los usuarios invitados pueden acceder a las URL de carga segura asociadas con las publicaciones incluso cuando se requiere iniciar sesi\u00f3n. Esta vulnerabilidad ha sido parcheada en 3.2.0.beta4 y 3.1.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*\",\"versionEndExcluding\":\"3.1.4\",\"matchCriteriaId\":\"A51406A4-A2FE-4BFE-8EA0-58359582D6A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*\",\"matchCriteriaId\":\"1BFF647B-6CEF-43BF-BF5E-C82B557F78E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*\",\"matchCriteriaId\":\"10D931DE-F8F5-4A34-A30A-FDD4420ABD1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*\",\"matchCriteriaId\":\"C62C36D4-6CE7-4A57-BBF7-8066CFAE342A\"}]}]}],\"references\":[{\"url\":\"https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2023-49099

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-49099

Aliases

CVE-2023-49099

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49099",
    "id": "GSD-2023-49099"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49099"
      ],
      "details": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.",
      "id": "GSD-2023-49099",
      "modified": "2023-12-13T01:20:35.081164Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-49099",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "discourse",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 3.1.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 3.2.0beta1, \u003c 3.2.0.beta4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "discourse"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4",
            "refsource": "MISC",
            "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4"
          },
          {
            "name": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53",
            "refsource": "MISC",
            "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-j67x-x6mq-pwv4",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
                    "matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7",
                    "versionEndExcluding": "3.1.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
                    "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
                    "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
                    "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4."
          },
          {
            "lang": "es",
            "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. En circunstancias muy espec\u00edficas, los usuarios invitados pueden acceder a las URL de carga segura asociadas con las publicaciones incluso cuando se requiere iniciar sesi\u00f3n. Esta vulnerabilidad ha sido parcheada en 3.2.0.beta4 y 3.1.4."
          }
        ],
        "id": "CVE-2023-49099",
        "lastModified": "2024-01-25T15:32:52.503",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.6,
              "impactScore": 1.4,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-12T21:15:09.747",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-284"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted