CVE-2024-45297: 
NixOS vulnerability analysis and mitigation

Discourse, an open source platform for community discussion, was found to contain a vulnerability where users could see topics with a hidden tag if they know the label/name of that tag. The vulnerability was identified and disclosed on October 7, 2024, affecting Discourse versions stable <= 3.3.1, beta <= 3.4.0.beta1, and tests-passed <= 3.4.0.beta1 (GitHub Advisory).

The vulnerability has been assigned CVE-2024-45297 and received a CVSS v3.1 base score of 4.3 (Medium) from NVD and 5.3 (Medium) from GitHub. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability can be exploited over the network with low attack complexity, requires no privileges or user interaction, has unchanged scope, and impacts only confidentiality at a low level (NVD).

The vulnerability allows unauthorized users to access topics that are marked with hidden tags, provided they know the specific tag label or name. This represents a breach in the platform's access control mechanisms and could potentially expose sensitive or restricted content (GitHub Advisory).

The vulnerability has been patched in version 3.3.2 for stable, 3.4.0.beta2 for beta, and 3.4.0.beta2 for tests-passed branches. All users are advised to upgrade to these versions or later. There are no known workarounds for this vulnerability (GitHub Advisory).