Unrated severityNVD Advisory· Published Jul 13, 2023· Updated Oct 21, 2024

CSP nonce reuse vulnerability in Discourse

CVE-2023-36473

Description

Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.

Affected products

Discourse (software)/Discoursev5
Range: stable >= 3.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000