CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8	Patch Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse::::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta1::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta10::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta11::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta12::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta13::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta14::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta2::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta3::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta4::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta5::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta6::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta7::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta8::::::
	cpe:2.3:a:discourse:discourse:3.0.0:beta15::::::

History

No history.

Information

Published : 2023-01-05 19:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-23549

Mitre link : CVE-2022-23549

CVE.ORG link : CVE-2022-23549

JSON object : View

Products Affected

discourse

discourse

CWE

NVD-CWE-Other CWE-20

Improper Input Validation

{"id": "CVE-2022-23549", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2023-01-05T19:15:09.500", "references": [{"url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds."}], "lastModified": "2023-01-12T20:33:47.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C13BCBA-EF34-4F4B-9F4A-33392EB45196", "versionEndExcluding": "2.8.14"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62275F8-11E9-4D94-8F2E-F83905F65031"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}