Multiple vulnerabilities in Discourse
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-45806 CVE-2023-45816 CVE-2023-46130 CVE-2023-47119 CVE-2023-47120 CVE-2023-47121 |
| CWE-ID | CWE-20 CWE-200 CWE-284 CWE-79 CWE-918 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Discourse Web applications / Forum & blogging software |
| Vendor | Civilized Discourse Construction Kit, Inc. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU83016
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-45806
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to regexp injection issue in Full Name. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.0 beta - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78
https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863
https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU83021
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-45816
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local attacker can gain access to unread bookmark reminder notifications.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.0 beta - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf
https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1
https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU83020
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-46130
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to height value bypass in some theme components. A remote user can add svgs with unlimited height attributes and affect the availability of subsequent replies in a topic.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.0 beta - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg
https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb
https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU83019
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-47119
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in oneboxed links. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.0 beta - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w
https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09
https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Input validation error
EUVDB-ID: #VU83018
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Onebox favicon URL. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.1.0 beta6 - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3
https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852
https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU83017
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47121
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Embedding. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDiscourse: 3.0 beta - 3.2.0 beta2
CPE2.3- cpe:2.3:a:discourse:discourse:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:*:*:*:*
https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc
https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1
https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
