PT-2023-19077 · Discourse · Discourse

Pmusaraj

Publicado

2023-02-03

Atualizado

2024-03-06

CVE-2023-23615

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest stable, beta and tests-passed versions

Description The issue allows exploitation of embeddable comments to create new topics as any user without a clear title or content.

Recommendations For versions prior to the latest stable, beta and tests-passed versions, update to the latest version to resolve the issue. As a temporary workaround, consider disabling embeddable comments by deleting all embeddable hosts.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BIT-DISCOURSE-2023-23615

CVE-2023-23615

GHSA-7MF3-5V84-WXQ8

Produtos afetados

Discourse

PT-2023-19077 · Discourse · Discourse

CVE-2023-23615

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5