Vulnerability CVE-2023-44391


Published: 2023-10-16   Modified: 2023-10-17

Description:
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Type:

CWE-200

(Information Exposure)

 References:
https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr

Copyright 2026, cxsecurity.com

 

Back to Top