CVE-2023-32301

2023-06-1322:15:09

CWE-116

[email protected]

web.nvd.nist.gov

discourse

open source

discussion platform

security update

multiple duplicate topic

version 3.0.4

version 3.1.0.beta5

topic embedding

workaround

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

Affected configurations

Nvd

Node

discoursediscourseRange<3.0.4stable

discoursediscourseMatch3.1.0beta1beta

discoursediscourseMatch3.1.0beta2beta

discoursediscourseMatch3.1.0beta3beta

discoursediscourseMatch3.1.0beta4beta

VendorProductVersionCPE
discoursediscourse*cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
discoursediscourse3.1.0cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*
discoursediscourse3.1.0cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*
discoursediscourse3.1.0cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*
discoursediscourse3.1.0cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*

Vendor	Product	Version	CPE
discourse	discourse	*	cpe:2.3:a:discourse:discourse:::::stable:::*
discourse	discourse	3.1.0	cpe:2.3:a:discourse:discourse:3.1.0:beta1:::beta:::*
discourse	discourse	3.1.0	cpe:2.3:a:discourse:discourse:3.1.0:beta2:::beta:::*
discourse	discourse	3.1.0	cpe:2.3:a:discourse:discourse:3.1.0:beta3:::beta:::*
discourse	discourse	3.1.0	cpe:2.3:a:discourse:discourse:3.1.0:beta4:::beta:::*