Lucene search

GoogleOSV:CVE-2023-23615

HistoryFeb 03, 2023 - 10:15 p.m.

CVE-2023-23615

2023-02-0322:15:12

Google

osv.dev

discourse

open source

discussion platform

exploit

creation

new topics

issue patched

latest versions

workaround

disable

embeddable comments

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.

CPENameOperatorVersion
discourseeq2.7.11
discourseeq2.3.8
discourseeq1.6.0.beta4
discourseeq2.3.4
discourseeq2.8.6
discourseeq1.6.0.beta11
discourseeq1.9.4
discourseeq2.3.3
discourseeq0.9.9.18
discourseeq1.8.0.beta1

Name	Operator	Version
discourse	eq	2.7.11
discourse	eq	2.3.8
discourse	eq	1.6.0.beta4
discourse	eq	2.3.4
discourse	eq	2.8.6
discourse	eq	1.6.0.beta11
discourse	eq	1.9.4
discourse	eq	2.3.3
discourse	eq	0.9.9.18
discourse	eq	1.8.0.beta1

Rows per page:

1-10 of 4281

References

github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for OSV:CVE-2023-23615