Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 | Third Party Advisory |
https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 07:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 - Third Party Advisory |
Information
Published : 2023-02-03 22:15
Updated : 2024-11-21 07:46
NVD link : CVE-2023-23615
Mitre link : CVE-2023-23615
CVE.ORG link : CVE-2023-23615
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-284
Improper Access Control