Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 25 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*

Sat, 19 Oct 2024 01:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*

Tue, 08 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Discourse
Discourse discourse
CPEs cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Vendors & Products Discourse
Discourse discourse
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
Description Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Title Prevent topic list filtering by hidden tags for unauthorized users in Discourse
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-08T18:13:28.994Z

Reserved: 2024-08-26T18:25:35.443Z

Link: CVE-2024-45297

Vulnrichment

Updated: 2024-10-08T18:13:13.530Z

NVD

Status: Analyzed

Published: 2024-10-07T21:15:17.870

Modified: 2025-09-25T20:27:02.607

Link: CVE-2024-45297

Redhat

No data.

OpenCVE Enrichment

No data.