CVE-2023-36466

Published: Jul 14, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.

Affected (210)

Products: Discourse: Discourse

Discourse

1 product

Discourse

Configuration A

210 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.0.5
Discourse Discourse	Version 1.1.0 beta1
Discourse Discourse	Version 1.1.0 beta2
Discourse Discourse	Version 1.1.0 beta3
Discourse Discourse	Version 1.1.0 beta4
Discourse Discourse	Version 1.1.0 beta5
Discourse Discourse	Version 1.1.0 beta6
Discourse Discourse	Version 1.1.0 beta6b
Discourse Discourse	Version 1.1.0 beta7
Discourse Discourse	Version 1.1.0 beta8
Discourse Discourse	Version 1.2.0 beta1
Discourse Discourse	Version 1.2.0 beta2
Discourse Discourse	Version 1.2.0 beta3
Discourse Discourse	Version 1.2.0 beta4
Discourse Discourse	Version 1.2.0 beta5
Discourse Discourse	Version 1.2.0 beta6
Discourse Discourse	Version 1.2.0 beta7
Discourse Discourse	Version 1.2.0 beta8
Discourse Discourse	Version 1.2.0 beta9
Discourse Discourse	Version 1.3.0 beta10
Discourse Discourse	Version 1.3.0 beta11
Discourse Discourse	Version 1.3.0 beta1
Discourse Discourse	Version 1.3.0 beta2
Discourse Discourse	Version 1.3.0 beta3
Discourse Discourse	Version 1.3.0 beta4
Discourse Discourse	Version 1.3.0 beta5
Discourse Discourse	Version 1.3.0 beta6
Discourse Discourse	Version 1.3.0 beta7
Discourse Discourse	Version 1.3.0 beta8
Discourse Discourse	Version 1.3.0 beta9
Discourse Discourse	Version 1.4.0 beta10
Discourse Discourse	Version 1.4.0 beta11
Discourse Discourse	Version 1.4.0 beta12
Discourse Discourse	Version 1.4.0 beta1
Discourse Discourse	Version 1.4.0 beta2
Discourse Discourse	Version 1.4.0 beta3
Discourse Discourse	Version 1.4.0 beta4
Discourse Discourse	Version 1.4.0 beta5
Discourse Discourse	Version 1.4.0 beta6
Discourse Discourse	Version 1.4.0 beta7
Discourse Discourse	Version 1.4.0 beta8
Discourse Discourse	Version 1.4.0 beta9
Discourse Discourse	Version 1.5.0 beta10
Discourse Discourse	Version 1.5.0 beta11
Discourse Discourse	Version 1.5.0 beta12
Discourse Discourse	Version 1.5.0 beta13
Discourse Discourse	Version 1.5.0 beta13b
Discourse Discourse	Version 1.5.0 beta14
Discourse Discourse	Version 1.5.0 beta1
Discourse Discourse	Version 1.5.0 beta2
Discourse Discourse	Version 1.5.0 beta3
Discourse Discourse	Version 1.5.0 beta4
Discourse Discourse	Version 1.5.0 beta5
Discourse Discourse	Version 1.5.0 beta6
Discourse Discourse	Version 1.5.0 beta7
Discourse Discourse	Version 1.5.0 beta8
Discourse Discourse	Version 1.5.0 beta9
Discourse Discourse	Version 1.6.0 beta10
Discourse Discourse	Version 1.6.0 beta11
Discourse Discourse	Version 1.6.0 beta12
Discourse Discourse	Version 1.6.0 beta1
Discourse Discourse	Version 1.6.0 beta2
Discourse Discourse	Version 1.6.0 beta3
Discourse Discourse	Version 1.6.0 beta4
Discourse Discourse	Version 1.6.0 beta5
Discourse Discourse	Version 1.6.0 beta6
Discourse Discourse	Version 1.6.0 beta7
Discourse Discourse	Version 1.6.0 beta8
Discourse Discourse	Version 1.6.0 beta9
Discourse Discourse	Version 1.7.0 beta10
Discourse Discourse	Version 1.7.0 beta11
Discourse Discourse	Version 1.7.0 beta1
Discourse Discourse	Version 1.7.0 beta2
Discourse Discourse	Version 1.7.0 beta3
Discourse Discourse	Version 1.7.0 beta4
Discourse Discourse	Version 1.7.0 beta5
Discourse Discourse	Version 1.7.0 beta6
Discourse Discourse	Version 1.7.0 beta7
Discourse Discourse	Version 1.7.0 beta8
Discourse Discourse	Version 1.7.0 beta9
Discourse Discourse	Version 1.8.0 beta10
Discourse Discourse	Version 1.8.0 beta11
Discourse Discourse	Version 1.8.0 beta12
Discourse Discourse	Version 1.8.0 beta13
Discourse Discourse	Version 1.8.0 beta1
Discourse Discourse	Version 1.8.0 beta2
Discourse Discourse	Version 1.8.0 beta3
Discourse Discourse	Version 1.8.0 beta4
Discourse Discourse	Version 1.8.0 beta5
Discourse Discourse	Version 1.8.0 beta6
Discourse Discourse	Version 1.8.0 beta7
Discourse Discourse	Version 1.8.0 beta8
Discourse Discourse	Version 1.8.0 beta9
Discourse Discourse	Version 1.9.0 beta10
Discourse Discourse	Version 1.9.0 beta11
Discourse Discourse	Version 1.9.0 beta12
Discourse Discourse	Version 1.9.0 beta13
Discourse Discourse	Version 1.9.0 beta14
Discourse Discourse	Version 1.9.0 beta15
Discourse Discourse	Version 1.9.0 beta16
Discourse Discourse	Version 1.9.0 beta17
Discourse Discourse	Version 1.9.0 beta1
Discourse Discourse	Version 1.9.0 beta2
Discourse Discourse	Version 1.9.0 beta3
Discourse Discourse	Version 1.9.0 beta4
Discourse Discourse	Version 1.9.0 beta5
Discourse Discourse	Version 1.9.0 beta6
Discourse Discourse	Version 1.9.0 beta7
Discourse Discourse	Version 1.9.0 beta8
Discourse Discourse	Version 1.9.0 beta9
Discourse Discourse	Version 2.0.0 beta10
Discourse Discourse	Version 2.0.0 beta1
Discourse Discourse	Version 2.0.0 beta2
Discourse Discourse	Version 2.0.0 beta3
Discourse Discourse	Version 2.0.0 beta4
Discourse Discourse	Version 2.0.0 beta5
Discourse Discourse	Version 2.0.0 beta6
Discourse Discourse	Version 2.0.0 beta7
Discourse Discourse	Version 2.0.0 beta8
Discourse Discourse	Version 2.0.0 beta9
Discourse Discourse	Version 2.1.0 beta1
Discourse Discourse	Version 2.1.0 beta2
Discourse Discourse	Version 2.1.0 beta3
Discourse Discourse	Version 2.1.0 beta4
Discourse Discourse	Version 2.1.0 beta5
Discourse Discourse	Version 2.1.0 beta6
Discourse Discourse	Version 2.2.0 beta10
Discourse Discourse	Version 2.2.0 beta1
Discourse Discourse	Version 2.2.0 beta2
Discourse Discourse	Version 2.2.0 beta3
Discourse Discourse	Version 2.2.0 beta4
Discourse Discourse	Version 2.2.0 beta5
Discourse Discourse	Version 2.2.0 beta6
Discourse Discourse	Version 2.2.0 beta7
Discourse Discourse	Version 2.2.0 beta8
Discourse Discourse	Version 2.2.0 beta9
Discourse Discourse	Version 2.3.0 beta10
Discourse Discourse	Version 2.3.0 beta11
Discourse Discourse	Version 2.3.0 beta1
Discourse Discourse	Version 2.3.0 beta2
Discourse Discourse	Version 2.3.0 beta3
Discourse Discourse	Version 2.3.0 beta4
Discourse Discourse	Version 2.3.0 beta5
Discourse Discourse	Version 2.3.0 beta6
Discourse Discourse	Version 2.3.0 beta7
Discourse Discourse	Version 2.3.0 beta8
Discourse Discourse	Version 2.3.0 beta9
Discourse Discourse	Version 2.4.0 beta10
Discourse Discourse	Version 2.4.0 beta11
Discourse Discourse	Version 2.4.0 beta1
Discourse Discourse	Version 2.4.0 beta2
Discourse Discourse	Version 2.4.0 beta3
Discourse Discourse	Version 2.4.0 beta4
Discourse Discourse	Version 2.4.0 beta5
Discourse Discourse	Version 2.4.0 beta6
Discourse Discourse	Version 2.4.0 beta7
Discourse Discourse	Version 2.4.0 beta8
Discourse Discourse	Version 2.4.0 beta9
Discourse Discourse	Version 2.5.0 beta1
Discourse Discourse	Version 2.5.0 beta2
Discourse Discourse	Version 2.5.0 beta3
Discourse Discourse	Version 2.5.0 beta4
Discourse Discourse	Version 2.5.0 beta5
Discourse Discourse	Version 2.5.0 beta6
Discourse Discourse	Version 2.5.0 beta7
Discourse Discourse	Version 2.6.0 beta1
Discourse Discourse	Version 2.6.0 beta2
Discourse Discourse	Version 2.6.0 beta3
Discourse Discourse	Version 2.6.0 beta4
Discourse Discourse	Version 2.6.0 beta5
Discourse Discourse	Version 2.6.0 beta6
Discourse Discourse	Version 2.7.0 beta1
Discourse Discourse	Version 2.7.0 beta2
Discourse Discourse	Version 2.7.0 beta3
Discourse Discourse	Version 2.7.0 beta4
Discourse Discourse	Version 2.7.0 beta5
Discourse Discourse	Version 2.7.0 beta6
Discourse Discourse	Version 2.7.0 beta7
Discourse Discourse	Version 2.7.0 beta8
Discourse Discourse	Version 2.7.0 beta9
Discourse Discourse	Version 2.8.0 beta10
Discourse Discourse	Version 2.8.0 beta11
Discourse Discourse	Version 2.8.0 beta1
Discourse Discourse	Version 2.8.0 beta2
Discourse Discourse	Version 2.8.0 beta3
Discourse Discourse	Version 2.8.0 beta4
Discourse Discourse	Version 2.8.0 beta5
Discourse Discourse	Version 2.8.0 beta6
Discourse Discourse	Version 2.8.0 beta7
Discourse Discourse	Version 2.8.0 beta8
Discourse Discourse	Version 2.8.0 beta9
Discourse Discourse	Version 2.9.0 beta10
Discourse Discourse	Version 2.9.0 beta11
Discourse Discourse	Version 2.9.0 beta12
Discourse Discourse	Version 2.9.0 beta13
Discourse Discourse	Version 2.9.0 beta14
Discourse Discourse	Version 2.9.0 beta1
Discourse Discourse	Version 2.9.0 beta2
Discourse Discourse	Version 2.9.0 beta3
Discourse Discourse	Version 2.9.0 beta4
Discourse Discourse	Version 2.9.0 beta5
Discourse Discourse	Version 2.9.0 beta6
Discourse Discourse	Version 2.9.0 beta7
Discourse Discourse	Version 2.9.0 beta8
Discourse Discourse	Version 2.9.0 beta9
Discourse Discourse	Version 3.0.0 beta15
Discourse Discourse	Version 3.0.0 beta16
Discourse Discourse	Version 3.1.0 beta1
Discourse Discourse	Version 3.1.0 beta2
Discourse Discourse	Version 3.1.0 beta5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932

Source: security-advisories@github.com

Vendor Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.