CVE-2023-47119 - OpenCVE

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta2:::beta:::*

References

Link	Resource
https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09	Patch
https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c	Patch
https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-10T15:00:38.158Z

Updated: 2023-11-10T15:09:38.992Z

Reserved: 2023-10-30T19:57:51.674Z

Link: CVE-2023-47119

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-10T15:15:09.077

Modified: 2023-11-16T19:59:21.690

Link: CVE-2023-47119

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-47119", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.674Z", "datePublished": "2023-11-10T15:00:38.158Z", "dateUpdated": "2023-11-10T15:09:38.992Z"}, "containers": {"cna": {"title": "HTML injection in oneboxed links", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"}, {"name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"}, {"name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "< 3.1.3", "status": "affected"}, {"version": ">= 3.2.0.beta0, < 3.2.0.beta3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T15:09:38.992Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."}], "source": {"advisory": "GHSA-j95w-5hvx-jp5w", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, algunos enlaces pueden inyectar etiquetas HTML arbitrarias cuando se procesan a trav\u00e9s de nuestro motor Onebox. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds."}], "id": "CVE-2023-47119", "lastModified": "2023-11-16T19:59:21.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-10T15:15:09.077", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}