fkie_cve-2023-37467
Vulnerability from fkie_nvd
Published
2023-07-28 15:15
Modified
2024-11-21 08:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*",
"matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*",
"matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*",
"matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*",
"matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*",
"matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*",
"matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*",
"matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*",
"matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*",
"matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*",
"matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*",
"matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*",
"matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*",
"matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*",
"matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*",
"matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*",
"matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*",
"matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*",
"matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn\u0027t applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn\u0027t have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting."
}
],
"id": "CVE-2023-37467",
"lastModified": "2024-11-21T08:11:46.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-28T15:15:10.960",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-323"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.