CVE-2023-29196

Published: Apr 18, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured.

Affected (5)

Products: Discourse: Discourse

Discourse

1 product

Discourse

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.1.0
Discourse Discourse	Before 3.0.3
Discourse Discourse	Version 3.1.0 beta1
Discourse Discourse	Version 3.1.0 beta2
Discourse Discourse	Version 3.1.0 beta3

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48

Source: security-advisories@github.com

Third Party Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.