CVE-2024-56197
CVSS 3.1 Score 2.2 of 10 (low)
Details
Summary
CVE-2024-56197 affects Discourse, an open-source community discussion platform. This vulnerability allows other users to read private message titles and metadata when the "PM tags allowed for groups" option is enabled, the user is a member of a group granted this privilege, and the private message has been tagged. This issue has been addressed in the latest stable, beta, and tests-passed versions of Discourse. It is strongly recommended that users upgrade their software to mitigate this risk. Alternatively, those unable to upgrade should remove all groups from the "PM tags allowed for groups" option to limit the potential impact.
Affected Vendors
- Discourse