Vulnerability Description
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 3.1.5 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606Patch
- https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pcVendor Advisory
- https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094Release NotesVendor Advisory
- https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-reRelease NotesVendor Advisory
- https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606Patch
- https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pcVendor Advisory
- https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094Release NotesVendor Advisory
- https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-reRelease NotesVendor Advisory
FAQ
What is CVE-2024-23834?
CVE-2024-23834 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have d...
How severe is CVE-2024-23834?
CVE-2024-23834 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23834?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.