Lucene search

[email protected]NVD:CVE-2023-23615

HistoryFeb 03, 2023 - 10:15 p.m.

CVE-2023-23615

2023-02-0322:15:12

CWE-284

[email protected]

web.nvd.nist.gov

discourse

discussion platform

vulnerability

patched

embeddable comments

workaround

exploit

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.

Affected configurations

NVD

Node

discoursediscourseRange≤3.0.0stable

Node

discoursediscourseMatch1.1.0beta1beta

discoursediscourseMatch1.1.0beta2beta

discoursediscourseMatch1.1.0beta3beta

discoursediscourseMatch1.1.0beta4beta

discoursediscourseMatch1.1.0beta5beta

discoursediscourseMatch1.1.0beta6beta

discoursediscourseMatch1.1.0beta6bbeta

discoursediscourseMatch1.1.0beta7beta

discoursediscourseMatch1.1.0beta8beta

discoursediscourseMatch1.2.0beta1beta

discoursediscourseMatch1.2.0beta2beta

discoursediscourseMatch1.2.0beta3beta

discoursediscourseMatch1.2.0beta4beta

discoursediscourseMatch1.2.0beta5beta

discoursediscourseMatch1.2.0beta6beta

discoursediscourseMatch1.2.0beta7beta

discoursediscourseMatch1.2.0beta8beta

discoursediscourseMatch1.2.0beta9beta

discoursediscourseMatch1.3.0beta1beta

discoursediscourseMatch1.3.0beta10beta

discoursediscourseMatch1.3.0beta11beta

discoursediscourseMatch1.3.0beta2beta

discoursediscourseMatch1.3.0beta3beta

discoursediscourseMatch1.3.0beta4beta

discoursediscourseMatch1.3.0beta5beta

discoursediscourseMatch1.3.0beta6beta

discoursediscourseMatch1.3.0beta7beta

discoursediscourseMatch1.3.0beta8beta

discoursediscourseMatch1.3.0beta9beta

discoursediscourseMatch1.4.0beta1beta

discoursediscourseMatch1.4.0beta10beta

discoursediscourseMatch1.4.0beta11beta

discoursediscourseMatch1.4.0beta12beta

discoursediscourseMatch1.4.0beta2beta

discoursediscourseMatch1.4.0beta3beta

discoursediscourseMatch1.4.0beta4beta

discoursediscourseMatch1.4.0beta5beta

discoursediscourseMatch1.4.0beta6beta

discoursediscourseMatch1.4.0beta7beta

discoursediscourseMatch1.4.0beta8beta

discoursediscourseMatch1.4.0beta9beta

discoursediscourseMatch1.5.0beta1beta

discoursediscourseMatch1.5.0beta10beta

discoursediscourseMatch1.5.0beta11beta

discoursediscourseMatch1.5.0beta12beta

discoursediscourseMatch1.5.0beta13beta

discoursediscourseMatch1.5.0beta13bbeta

discoursediscourseMatch1.5.0beta14beta

discoursediscourseMatch1.5.0beta2beta

discoursediscourseMatch1.5.0beta3beta

discoursediscourseMatch1.5.0beta4beta

discoursediscourseMatch1.5.0beta5beta

discoursediscourseMatch1.5.0beta6beta

discoursediscourseMatch1.5.0beta7beta

discoursediscourseMatch1.5.0beta8beta

discoursediscourseMatch1.5.0beta9beta

discoursediscourseMatch1.6.0beta1beta

discoursediscourseMatch1.6.0beta10beta

discoursediscourseMatch1.6.0beta11beta

discoursediscourseMatch1.6.0beta12beta

discoursediscourseMatch1.6.0beta2beta

discoursediscourseMatch1.6.0beta3beta

discoursediscourseMatch1.6.0beta4beta

discoursediscourseMatch1.6.0beta5beta

discoursediscourseMatch1.6.0beta6beta

discoursediscourseMatch1.6.0beta7beta

discoursediscourseMatch1.6.0beta8beta

discoursediscourseMatch1.6.0beta9beta

discoursediscourseMatch1.7.0beta1beta

discoursediscourseMatch1.7.0beta10beta

discoursediscourseMatch1.7.0beta11beta

discoursediscourseMatch1.7.0beta2beta

discoursediscourseMatch1.7.0beta3beta

discoursediscourseMatch1.7.0beta4beta

discoursediscourseMatch1.7.0beta5beta

discoursediscourseMatch1.7.0beta6beta

discoursediscourseMatch1.7.0beta7beta

discoursediscourseMatch1.7.0beta8beta

discoursediscourseMatch1.7.0beta9beta

discoursediscourseMatch1.8.0beta1beta

discoursediscourseMatch1.8.0beta10beta

discoursediscourseMatch1.8.0beta11beta

discoursediscourseMatch1.8.0beta12beta

discoursediscourseMatch1.8.0beta13beta

discoursediscourseMatch1.8.0beta2beta

discoursediscourseMatch1.8.0beta3beta

discoursediscourseMatch1.8.0beta4beta

discoursediscourseMatch1.8.0beta5beta

discoursediscourseMatch1.8.0beta6beta

discoursediscourseMatch1.8.0beta7beta

discoursediscourseMatch1.8.0beta8beta

discoursediscourseMatch1.8.0beta9beta

discoursediscourseMatch1.9.0beta1beta

discoursediscourseMatch1.9.0beta10beta

discoursediscourseMatch1.9.0beta11beta

discoursediscourseMatch1.9.0beta12beta

discoursediscourseMatch1.9.0beta13beta

discoursediscourseMatch1.9.0beta14beta

discoursediscourseMatch1.9.0beta15beta

discoursediscourseMatch1.9.0beta16beta

discoursediscourseMatch1.9.0beta17beta

discoursediscourseMatch1.9.0beta2beta

discoursediscourseMatch1.9.0beta3beta

discoursediscourseMatch1.9.0beta4beta

discoursediscourseMatch1.9.0beta5beta

discoursediscourseMatch1.9.0beta6beta

discoursediscourseMatch1.9.0beta7beta

discoursediscourseMatch1.9.0beta8beta

discoursediscourseMatch1.9.0beta9beta

discoursediscourseMatch2.0.0beta1beta

discoursediscourseMatch2.0.0beta10beta

discoursediscourseMatch2.0.0beta2beta

discoursediscourseMatch2.0.0beta3beta

discoursediscourseMatch2.0.0beta4beta

discoursediscourseMatch2.0.0beta5beta

discoursediscourseMatch2.0.0beta6beta

discoursediscourseMatch2.0.0beta7beta

discoursediscourseMatch2.0.0beta8beta

discoursediscourseMatch2.0.0beta9beta

discoursediscourseMatch2.1.0beta1beta

discoursediscourseMatch2.1.0beta2beta

discoursediscourseMatch2.1.0beta3beta

discoursediscourseMatch2.1.0beta4beta

discoursediscourseMatch2.1.0beta5beta

discoursediscourseMatch2.1.0beta6beta

discoursediscourseMatch2.2.0beta1beta

discoursediscourseMatch2.2.0beta10beta

discoursediscourseMatch2.2.0beta2beta

discoursediscourseMatch2.2.0beta3beta

discoursediscourseMatch2.2.0beta4beta

discoursediscourseMatch2.2.0beta5beta

discoursediscourseMatch2.2.0beta6beta

discoursediscourseMatch2.2.0beta7beta

discoursediscourseMatch2.2.0beta8beta

discoursediscourseMatch2.2.0beta9beta

discoursediscourseMatch2.3.0beta1beta

discoursediscourseMatch2.3.0beta10beta

discoursediscourseMatch2.3.0beta11beta

discoursediscourseMatch2.3.0beta2beta

discoursediscourseMatch2.3.0beta3beta

discoursediscourseMatch2.3.0beta4beta

discoursediscourseMatch2.3.0beta5beta

discoursediscourseMatch2.3.0beta6beta

discoursediscourseMatch2.3.0beta7beta

discoursediscourseMatch2.3.0beta8beta

discoursediscourseMatch2.3.0beta9beta

discoursediscourseMatch2.4.0beta1beta

discoursediscourseMatch2.4.0beta10beta

discoursediscourseMatch2.4.0beta11beta

discoursediscourseMatch2.4.0beta2beta

discoursediscourseMatch2.4.0beta3beta

discoursediscourseMatch2.4.0beta4beta

discoursediscourseMatch2.4.0beta5beta

discoursediscourseMatch2.4.0beta6beta

discoursediscourseMatch2.4.0beta7beta

discoursediscourseMatch2.4.0beta8beta

discoursediscourseMatch2.4.0beta9beta

discoursediscourseMatch2.5.0beta1beta

discoursediscourseMatch2.5.0beta2beta

discoursediscourseMatch2.5.0beta3beta

discoursediscourseMatch2.5.0beta4beta

discoursediscourseMatch2.5.0beta5beta

discoursediscourseMatch2.5.0beta6beta

discoursediscourseMatch2.5.0beta7beta

discoursediscourseMatch2.6.0beta1beta

discoursediscourseMatch2.6.0beta2beta

discoursediscourseMatch2.6.0beta3beta

discoursediscourseMatch2.6.0beta4beta

discoursediscourseMatch2.6.0beta5beta

discoursediscourseMatch2.6.0beta6beta

discoursediscourseMatch2.7.0beta1beta

discoursediscourseMatch2.7.0beta2beta

discoursediscourseMatch2.7.0beta3beta

discoursediscourseMatch2.7.0beta4beta

discoursediscourseMatch2.7.0beta5beta

discoursediscourseMatch2.7.0beta6beta

discoursediscourseMatch2.7.0beta7beta

discoursediscourseMatch2.7.0beta8beta

discoursediscourseMatch2.7.0beta9beta

discoursediscourseMatch2.8.0beta1beta

discoursediscourseMatch2.8.0beta10beta

discoursediscourseMatch2.8.0beta11beta

discoursediscourseMatch2.8.0beta2beta

discoursediscourseMatch2.8.0beta3beta

discoursediscourseMatch2.8.0beta4beta

discoursediscourseMatch2.8.0beta5beta

discoursediscourseMatch2.8.0beta6beta

discoursediscourseMatch2.8.0beta7beta

discoursediscourseMatch2.8.0beta8beta

discoursediscourseMatch2.8.0beta9beta

discoursediscourseMatch2.9.0beta1beta

discoursediscourseMatch2.9.0beta10beta

discoursediscourseMatch2.9.0beta11beta

discoursediscourseMatch2.9.0beta12beta

discoursediscourseMatch2.9.0beta13beta

discoursediscourseMatch2.9.0beta14beta

discoursediscourseMatch2.9.0beta2beta

discoursediscourseMatch2.9.0beta3beta

discoursediscourseMatch2.9.0beta4beta

discoursediscourseMatch2.9.0beta5beta

discoursediscourseMatch2.9.0beta6beta

discoursediscourseMatch2.9.0beta7beta

discoursediscourseMatch2.9.0beta8beta

discoursediscourseMatch2.9.0beta9beta

discoursediscourseMatch3.0.0beta15beta

discoursediscourseMatch3.0.0beta16beta

discoursediscourseMatch3.1.0beta1beta

References

github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for NVD:CVE-2023-23615

prion1 osv2 cve1 cvelist1 openvas2