CVE-2024-45297

Prevent topic list filtering by hidden tags for unauthorized users in Discourse

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.


We have discovered 2,335 live websites that are affected by CVE-2024-45297.





Affected Software

Product                    Discourse
Category                   Message Boards
Vulnerable Domains         2,335 live websites (44.70% of Discourse install base)
Vulnerable Versions
  • from 0 before 3.3.2
Vulnerable Versions Count  92 versions (96.84% of all versions)


Common Weakness Enumeration

CWE-269 Improper Privilege Management



Details

  • Published - Oct 7, 2024
  • Updated - Oct 8, 2024

CVE-2024-45297 usage by Country

United States  1,523 websites
Germany        254 websites
France         117 websites
Singapore      75 websites
China          46 websites
GB             34 websites
Netherlands    25 websites
Japan          24 websites
Russia         23 websites

CVE-2024-45297 usage by TLD

.com     956 websites
.org     359 websites
.net     116 websites
.io      110 websites
.de      64 websites
.fr      34 websites
.ru      25 websites
.co      23 websites
.eu      21 websites
.com.br  19 websites

Websites affected by CVE-2024-45297

Top websites that are affected by CVE-2024-45297.

FAQ

CVE-2024-45297 is an Improper Privilege Management vulnerability in Discourse.
A total of 2,335 websites have been identified as vulnerable to CVE-2024-45297, discovered through global website indexing conducted by WebTechSurvey.
Discourse is susceptible to the CVE-2024-45297 vulnerability.
Discourse versions before 3.3.2 are vulnerable to CVE-2024-45297.
Version 3.3.2 of Discourse addresses the CVE-2024-45297 security vulnerability.