Lucene search

GoogleOSV:BIT-DISCOURSE-2023-32301

HistoryMar 06, 2024 - 10:57 a.m.

BIT-discourse-2023-32301

2024-03-0610:57:01

Google

osv.dev

open source

discussion platform

version 3.0.4

version 3.1.0.beta5

stable branch

beta branch

tests-passed branch

topic embedding

workaround

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

References

github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Related for OSV:BIT-DISCOURSE-2023-32301