CVE-2024-53994

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53994
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*
History

26 Aug 2025, 16:28

Type Values Removed Values Added
CPE cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*
Summary
  • (es) Discourse es una plataforma de código abierto para debates comunitarios. En las versiones afectadas, los usuarios que deshabilitan el chat en las preferencias aún podrían ser contactados en algunos casos. Este problema se ha corregido en la última versión de Discourse. Se recomienda a los usuarios que actualicen la versión. Los usuarios que no puedan actualizar la versión deben deshabilitar el complemento de chat en la configuración del sitio.
References () https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6 - () https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6 - Third Party Advisory
First Time Discourse discourse
Discourse

04 Feb 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-04 22:15

Updated : 2025-08-26 16:28

NVD link : CVE-2024-53994

Mitre link : CVE-2024-53994

CVE.ORG link : CVE-2024-53994

JSON object : View

Products Affected

discourse

  • discourse
CWE
CWE-281

Improper Preservation of Permissions