CVE-2023-36466

Summary

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.

Affected Software

VendorProductVersion RangeStatus
discoursediscoursestable < 3.0.5affected
discoursediscoursebeta < 3.1.0.beta6affected
discoursediscoursetests-passed < 3.1.0.beta6affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References