CVE-2024-23834

Published Jan 30, 2024

Last updated 9 months ago

Overview

Description: Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
Source: security-advisories@github.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C82627-1660-4628-8F03-A8D148EACDA1",
            "versionEndExcluding": "3.1.5"
          },
          {
            "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D",
            "versionEndExcluding": "3.2.0"
          },
          {
            "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
          },
          {
            "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
          },
          {
            "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"
          },
          {
            "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84DF2347-8189-4983-BD23-3E43050C6795"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References