BIT-discourse-2024-23834
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2024-23834.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2024-23834
- Aliases
-
- CVE-2024-23834
- GHSA-rj3g-8q6p-63pc
- Published
- 2024-03-06T10:51:09.899Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include
unsafe-inline. - References
-
- https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000
- https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc
- https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094
- https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.5Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.0
- Type
- SEMVER
- Events
-
Introduced3.2.0-beta1Last affected3.2.0-beta1Introduced3.2.0-beta2Last affected3.2.0-beta2Introduced3.2.0-beta3Last affected3.2.0-beta3Introduced3.2.0-beta4Last affected3.2.0-beta4