Metrics
Affected Vendors & Products
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 23 Oct 2025 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 16 Oct 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.6.0:beta1:*:*:beta:*:*:* |
Thu, 02 Oct 2025 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Discourse
Discourse discourse |
|
| Vendors & Products |
Discourse
Discourse discourse |
Wed, 01 Oct 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Oct 2025 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topic_id” value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model’s responses then disclosed information that the authenticated user couldn’t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings. | |
| Title | Discourse AI Suggestions Contain Insecure Direct Object Reference | |
| Weaknesses | CWE-284 CWE-639 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-10-23T13:20:54.766Z
Reserved: 2025-08-22T14:30:32.221Z
Link: CVE-2025-58055
Updated: 2025-10-23T13:20:54.766Z
Status : Modified
Published: 2025-10-01T19:15:36.317
Modified: 2025-10-23T14:15:39.410
Link: CVE-2025-58055
No data.
OpenCVE Enrichment
Updated: 2025-10-02T08:38:21Z