CVE-2025-32376

Sažetak

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.

Reference

https://github.com/discourse/discourse/commit/21a7f3162221c393f9bb13721451aa7f237d881a
https://github.com/discourse/discourse/security/advisories/GHSA-mqqq-h2x3-46fr

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-05-2025 - 13:53

Objavljeno

30-04-2025 - 15:16