Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jun 2023, 02:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:* |
|
First Time |
Discourse
Discourse discourse |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g - Vendor Advisory |
13 Jun 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-13 22:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-32061
Mitre link : CVE-2023-32061
CVE.ORG link : CVE-2023-32061
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-863
Incorrect Authorization