Executive Summary

Informations
Name CVE-2023-45147 First vendor Publication 2023-10-16
Vendor Cve Last vendor Modification 2023-11-01

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Overall CVSS Score 3.1
Base Score 3.1 Environmental Score 3.1
impact SubScore 1.4 Temporal Score 3.1
Exploitabality Sub Score 1.6
 
Attack Vector Network Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact Low Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45147

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 220

Sources (Detail)

Source Url
MISC https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2024-02-02 02:49:03
  • Multiple Updates
2024-02-01 12:31:12
  • Multiple Updates
2023-11-01 21:27:47
  • Multiple Updates
2023-10-17 17:27:21
  • Multiple Updates
2023-10-17 00:27:20
  • First insertion