CVE-2023-37467

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 28, 2023
Updated: Aug 3, 2023
CWE ID 323
CWE ID 79

Summary

CVE-2023-37467 is a vulnerability that affects the Discourse open source discussion platform. Specifically, versions prior to 3.1.0.beta7 of the 'beta' and 'tests-passed' branches are vulnerable to a Content Security Policy (CSP) nonce reuse vulnerability. This vulnerability could potentially allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous users. While there are currently no known XSS vectors, if one is discovered, it could successfully execute an XSS attack bypassing CSP. The vulnerability does not affect logged-in users. To remediate this vulnerability, users can update to version 3.1.0.beta7, which contains a patch. Alternatively, disabling Google Tag Manager by unsetting the 'gtm container id' setting can serve as a workaround to prevent the vulnerability. Organizations should be aware of the potential danger this vulnerability poses in terms of enabling successful XSS attacks against their platform and take appropriate steps to mitigate it.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37467 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options