CVE-2023-36466 LOW

CVE-2023-36466: Topic Title Validation Skipped When Changing Category in Discourse

Vendor: Discourse
Product: discourse
Weakness: CWE-20 · Input validation
Published: July 14, 2023
Last update: October 22, 2024

CVSS base score

3.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Discourse is an open source discussion platform. A vulnerability in topic editing enables a user to bypass the topic title validations, such as title length, the number of emojis in the title, and blank topic titles. The issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Key dates

02 Disclosure timeline

July 14, 2023: CVE published
October 22, 2024: Record updated