CVE-2023-43657 - OpenCVE

Vendors	Products
Discourse	Discourse-encrypt

Link	Providers
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e
https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43657", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-20T15:35:38.148Z", "datePublished": "2023-09-28T18:04:26.672Z", "dateUpdated": "2024-08-02T19:44:44.057Z"}, "containers": {"cna": {"title": "Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v"}, {"name": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e"}, {"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "tags": ["x_refsource_MISC"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"}], "affected": [{"vendor": "discourse", "product": "discourse-encrypt", "versions": [{"version": "<= c492904c", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-28T18:04:26.672Z"}, "descriptions": [{"lang": "en", "value": "discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured."}], "source": {"advisory": "GHSA-5fh6-wp7p-xx7v", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:44.057Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v"}, {"name": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e"}, {"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse-encrypt:*:*:*:*:*:discourse:*:*", "matchCriteriaId": "F107A6F2-A831-40B8-9052-CE35E247D142", "versionEndExcluding": "2023-09-28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured."}, {"lang": "es", "value": "discourse-encrypt es un complemento que proporciona un canal de comunicaci\u00f3n seguro a trav\u00e9s de Discourse. El escape inadecuado de los topic titles cifrados podr\u00eda provocar un problema de Cross Site Scripting (XSS) cuando un sitio tiene los encabezados de la pol\u00edtica de seguridad de contenido (CSP) deshabilitados. Tener CSP deshabilitado es una configuraci\u00f3n no predeterminada, y tenerlo deshabilitado con el discourse-encrypt instalado generar\u00e1 una advertencia en el panel de administraci\u00f3n de Discourse. Esto se solucion\u00f3 en el commit `9c75810af9` que se incluye en la \u00faltima versi\u00f3n del complemento discourse-encrypt. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben asegurarse de que los encabezados CSP est\u00e9n habilitados y configurados correctamente."}], "id": "CVE-2023-43657", "lastModified": "2023-10-02T20:15:53.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-28T19:15:10.547", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object