CVE-2023-38685 Information

Description

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches.

Reference

https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5