HomePentest-Tools.com Logo

Discourse 3.1.x < 3.1.0.beta2 Multiple Vulnerabilities CVE-2023-22468CVE-2023-23615CVE-2023-23620CVE-2023-23621CVE-2023-23624CVE-2023-22739CVE-2023-25167

Severity
CVSSv3 Score
5.7
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2023-22468: Stored XSS in local oneboxes - CVE-2023-23615: Malicious users can create spam topics as any user - CVE-2023-23620: Restricted tag routes leak topic information - CVE-2023-23621: ReDoS in user agent parsing - CVE-2023-23624: Exclude_tags param could leak which topics had a specific hidden tag - CVE-2023-22739: DoS through topic drafts - CVE-2023-25167: ReDoS through installing themes via git

Recommendation

Update to version 3.1.0.beta2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 26, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available