CVE-2024-23834 - OpenCVE

Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta2:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta3:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta4:::beta:::*

References

Link	Resource
https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000	Patch
https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc	Vendor Advisory
https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094	Release Notes Vendor Advisory
https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-30T21:31:35.617Z

Updated: 2024-01-30T21:31:35.617Z

Reserved: 2024-01-22T22:23:54.340Z

Link: CVE-2024-23834

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-30T22:15:53.307

Modified: 2024-02-08T16:39:31.963

Link: CVE-2024-23834

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-23834", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.340Z", "datePublished": "2024-01-30T21:31:35.617Z", "dateUpdated": "2024-01-30T21:31:35.617Z"}, "containers": {"cna": {"title": "Discourse improperly sanitized user input leads to XSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc"}, {"name": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000"}, {"name": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094", "tags": ["x_refsource_MISC"], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094"}, {"name": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093", "tags": ["x_refsource_MISC"], "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "< 3.1.5", "status": "affected"}, {"version": ">= 3.2.0.beta1, < 3.2.0.beta5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-30T21:31:35.617Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`."}], "source": {"advisory": "GHSA-rj3g-8q6p-63pc", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "64C82627-1660-4628-8F03-A8D148EACDA1", "versionEndExcluding": "3.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "84DF2347-8189-4983-BD23-3E43050C6795", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`."}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. La entrada del usuario mal sanitizada podr\u00eda provocar una vulnerabilidad XSS en algunas situaciones. Esta vulnerabilidad solo afecta a las instancias de Discourse que han deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada. La vulnerabilidad est\u00e1 parcheada en 3.1.5 y 3.2.0.beta5. Como workaround, aseg\u00farese de que la Pol\u00edtica de seguridad de contenido est\u00e9 habilitada y no incluya \"unsafe-inline\"."}], "id": "CVE-2024-23834", "lastModified": "2024-02-08T16:39:31.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-30T22:15:53.307", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}