Vulnerability Database

309,083

Total vulnerabilities in the database

CVE-2024-56197

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.

Published: Feb 4, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-56197
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.2
AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
discourse / discourse	-	3.3.4
discourse / discourse	-	3.4.0
discourse / discourse	3.4.0-beta1	3.4.0-beta1.x
discourse / discourse	3.4.0-beta2	3.4.0-beta2.x
discourse / discourse	3.4.0-beta3	3.4.0-beta3.x
discourse / discourse	3.4.0-beta4	3.4.0-beta4.x

https://github.com/discourse/discourse/security/advisories/GHSA-xmgr-g9cp-v239

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo