Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
History

Wed, 11 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Discourse
Discourse discourse
CPEs cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta4:*:*:beta:*:*:*
Vendors & Products Discourse
Discourse discourse

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-30T14:33:48.589Z

Updated: 2024-08-02T04:19:20.670Z

Reserved: 2024-06-21T18:15:22.262Z

Link: CVE-2024-39320

cve-icon Vulnrichment

Updated: 2024-07-30T17:25:48.716Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-30T15:15:12.180

Modified: 2024-09-11T14:09:44.857

Link: CVE-2024-39320

cve-icon Redhat

No data.