Home > Vulnerability Database > CVE-2023-23615

Mend.io Vulnerability Database

CVE-2023-23615

Good to know:

Date: February 3, 2023

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.

Language: Ruby

Severity Score

5.3

Related Resources (3)

Url: https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23615

Url: https://www.mend.io/vulnerability-database/CVE-2023-23615

Severity Score

5.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v3.0.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23615

Good to know:

Date: February 3, 2023

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?