{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:49:25.750","vulnerabilities":[{"cve":{"id":"CVE-2023-45816","sourceIdentifier":"security-advisories@github.com","published":"2023-11-10T15:15:08.667","lastModified":"2024-11-21T08:27:24.920","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds."},{"lang":"es","value":"Discourse es una plataforma de código abierto para el debate comunitario. Antes de la versión 3.1.3 de la rama \"stable\" y la versión 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", existe un caso extremo en el que se envía un recordatorio de marcador y se genera una notificación de no leídos. pero la seguridad subyacente de los marcadores (por ejemplo, publicación, tema, mensaje de chat) ha cambiado, por lo que el usuario ya no puede acceder al recurso subyacente. A partir de la versión 3.1.3 de la rama \"stable\" y la versión 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", los recordatorios de marcadores ya no se envían si el usuario no tiene acceso al marcador subyacente, y además las notificaciones de marcadores no leídos siempre se filtran por acceso. No se conocen workarounds."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.1.3","matchCriteriaId":"8E31336C-750D-4039-A89F-FF602B59098C"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}