CVE-2023-34250: 
NixOS vulnerability analysis and mitigation

Discourse, an open source discussion platform, disclosed a vulnerability (CVE-2023-34250) that affects versions prior to 3.0.4 of the 'stable' branch and version 3.1.0.beta5 of the 'beta' and 'tests-passed' branches. The vulnerability was discovered and disclosed on June 13, 2023, allowing attackers to reveal the number of topics recently created in categories they didn't have access to, though the actual content remained protected (GitHub Advisory).

The vulnerability is classified as an information exposure issue (CWE-668 and CWE-200) that could be exploited through the new topics dismissal endpoint. The severity is rated as MEDIUM with a CVSS v3.1 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) according to NVD, while GitHub rates it with a score of 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) (NVD).

The vulnerability allows unauthorized users to determine the number of recently created topics in private categories they shouldn't have access to, though the actual content of these topics remains protected. This represents a limited information disclosure risk (GitHub Advisory).

The vulnerability has been patched in version 3.0.4 of the 'stable' branch and version 3.1.0.beta5 of the 'beta' and 'tests-passed' branches. No workarounds are available, making updating to the patched versions the only solution (GitHub Advisory).