CVE-2023-36473 — MEDIUM (6.8)

Q: How severe is CVE-2023-36473?

CVE-2023-36473 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-36473?

Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.

Vulnerability Description

Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Discourse	Discourse	< 3.0.5

Related Weaknesses (CWE)

CWE-79

References

https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppqVendor Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppqVendor Advisory

FAQ

What is CVE-2023-36473?

CVE-2023-36473 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the momen...

How severe is CVE-2023-36473?

CVE-2023-36473 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-36473?

Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.