CVE-2023-47119 - OpenCVE

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta2:::beta:::*

No data.

References

Link	Providers
https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09
https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c
https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-10T15:00:38.158Z

Updated: 2024-09-03T18:56:52.373Z

Reserved: 2023-10-30T19:57:51.674Z

Link: CVE-2023-47119

Vulnrichment

Updated: 2024-08-02T21:01:22.686Z

NVD

Status : Analyzed

Published: 2023-11-10T15:15:09.077

Modified: 2023-11-16T19:59:21.690

Link: CVE-2023-47119

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47119", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.674Z", "datePublished": "2023-11-10T15:00:38.158Z", "dateUpdated": "2024-09-03T18:56:52.373Z"}, "containers": {"cna": {"title": "HTML injection in oneboxed links", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"}, {"name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"}, {"name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "< 3.1.3", "status": "affected"}, {"version": ">= 3.2.0.beta0, < 3.2.0.beta3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T15:09:38.992Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."}], "source": {"advisory": "GHSA-j95w-5hvx-jp5w", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.686Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"}, {"name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"}, {"name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"}]}, {"affected": [{"vendor": "discourse", "product": "discourse", "cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.1.3", "versionType": "custom"}, {"version": "3.2.0.beta0", "status": "affected", "lessThan": "3.2.0.beta3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T18:52:01.171694Z", "id": "CVE-2023-47119", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:56:52.373Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.686Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47119", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T18:52:01.171694Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.3", "versionType": "custom"}, {"status": "affected", "version": "3.2.0.beta0", "lessThan": "3.2.0.beta3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:56:46.029Z"}}], "cna": {"title": "HTML injection in oneboxed links", "source": {"advisory": "GHSA-j95w-5hvx-jp5w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "< 3.1.3"}, {"status": "affected", "version": ">= 3.2.0.beta0, < 3.2.0.beta3"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T15:09:38.992Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47119", "state": "PUBLISHED", "dateUpdated": "2024-09-03T18:56:52.373Z", "dateReserved": "2023-10-30T19:57:51.674Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-10T15:00:38.158Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, algunos enlaces pueden inyectar etiquetas HTML arbitrarias cuando se procesan a trav\u00e9s de nuestro motor Onebox. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds."}], "id": "CVE-2023-47119", "lastModified": "2023-11-16T19:59:21.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-10T15:15:09.077", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}