CVE-2023-32301

Summary

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

Affected Software

VendorProductVersion RangeStatus
discoursediscourse< 3.0.4affected
discoursediscourse>= 3.1.0.beta1, < 3.1.0.beta5affected

Weaknesses

  • CWE-116: CWE-116: Improper Encoding or Escaping of Output

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References