CVE-2024-23834

Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000	Patch
https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc	Vendor Advisory
https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094	Release Notes Vendor Advisory
https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta2:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta3:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta4:::beta:::*

History

No history.

Information

Published : 2024-01-30 22:15

Updated : 2024-02-08 16:39

NVD link : CVE-2024-23834

Mitre link : CVE-2024-23834

CVE.ORG link : CVE-2024-23834

JSON object : View

Products Affected

discourse

discourse

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-23834", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-01-30T22:15:53.307", "references": [{"url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094", "tags": ["Release Notes", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093", "tags": ["Release Notes", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`."}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. La entrada del usuario mal sanitizada podr\u00eda provocar una vulnerabilidad XSS en algunas situaciones. Esta vulnerabilidad solo afecta a las instancias de Discourse que han deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada. La vulnerabilidad est\u00e1 parcheada en 3.1.5 y 3.2.0.beta5. Como workaround, aseg\u00farese de que la Pol\u00edtica de seguridad de contenido est\u00e9 habilitada y no incluya \"unsafe-inline\"."}], "lastModified": "2024-02-08T16:39:31.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "64C82627-1660-4628-8F03-A8D148EACDA1", "versionEndExcluding": "3.1.5"}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "84DF2347-8189-4983-BD23-3E43050C6795"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}