What is CVE-2023-32061?

CVE-2023-32061 is a vulnerability in the Discourse open source discussion platform that allows an attacker to hide subsequent comments from other users.

What is the severity of CVE-2023-32061?

The severity of CVE-2023-32061 is medium with a CVSS score of 5.3.

Which versions of Discourse are affected by CVE-2023-32061?

Versions up to and including Discourse 3.0.4 of the stable branch and Discourse 3.1.0.beta5 of the beta and tests-passed branches are affected by CVE-2023-32061.

How can an attacker exploit CVE-2023-32061?

An attacker can exploit CVE-2023-32061 by taking advantage of the lack of restrictions on the iFrame tag in Discourse, allowing them to hide subsequent comments from other users.

Is there a fix for CVE-2023-32061?

Yes, upgrading to Discourse version 3.0.4 of the stable branch or version 3.1.0.beta5 of the beta and tests-passed branches will fix CVE-2023-32061.

Vulnerability/
CVE-2023-32061

medium

5.4

CWE

863

13/6/2023

2/8/2024

CVE-2023-32061: Discourse Topic Creation Page Allows iFrame Tag without Restrictions

First published: Tue Jun 13 2023(Updated: )

Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Discourse	<3.0.4
Discourse Discourse	=3.1.0-beta1
Discourse Discourse	=3.1.0-beta2
Discourse Discourse	=3.1.0-beta3
Discourse Discourse	=3.1.0-beta4

Never miss a vulnerability like this again

Reference Links

https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g

Frequently Asked Questions

What is CVE-2023-32061?
CVE-2023-32061 is a vulnerability in the Discourse open source discussion platform that allows an attacker to hide subsequent comments from other users.
What is the severity of CVE-2023-32061?
The severity of CVE-2023-32061 is medium with a CVSS score of 5.3.
Which versions of Discourse are affected by CVE-2023-32061?
Versions up to and including Discourse 3.0.4 of the stable branch and Discourse 3.1.0.beta5 of the beta and tests-passed branches are affected by CVE-2023-32061.
How can an attacker exploit CVE-2023-32061?
An attacker can exploit CVE-2023-32061 by taking advantage of the lack of restrictions on the iFrame tag in Discourse, allowing them to hide subsequent comments from other users.
Is there a fix for CVE-2023-32061?
Yes, upgrading to Discourse version 3.0.4 of the stable branch or version 3.1.0.beta5 of the beta and tests-passed branches will fix CVE-2023-32061.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/author
agent/title
agent/last-modified-date
agent/tags
agent/event
agent/first-publish-date
agent/description
vendor/discourse
canonical/discourse discourse
version/discourse discourse/3.1.0-beta1
version/discourse discourse/3.1.0-beta2
version/discourse discourse/3.1.0-beta3
version/discourse discourse/3.1.0-beta4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.