CSP Nonce Reuse Vulnerability

Moderate
jomaxro published GHSA-9f52-624j-8ppq Jul 11, 2023

Package

Discourse (Discourse)

Affected versions

stable <= 3.0.4; beta <= 3.1.0.beta5; tests-passed <= 3.1.0.beta5

Patched versions

stable >= 3.0.5; beta >= 3.1.0.beta6; tests-passed >= 3.1.0.beta6

Description

Impact

A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP.
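The advisory does not describe how the reuse happened in Discourse, so the example below is an added illustration of the underlying property rather than Discourse's own code: a CSP nonce is only meaningful if it is freshly generated for every response, and a defender can spot reuse by comparing the nonce values carried in successive Content-Security-Policy headers. The header values in SAMPLE_HEADERS are constructed for the example; the function names are assumptions, not Discourse's.

```ruby
require 'securerandom'

# A per-response nonce: unpredictable and used for exactly one response.
# Reusing the same value across responses is what turns a nonce-based CSP
# into a fixed allow-list that any injected script could satisfy.
def fresh_nonce
  SecureRandom.base64(16)
end

# Build a script-src policy that only admits scripts carrying this nonce.
def csp_header(nonce)
  "script-src 'self' 'nonce-#{nonce}'; object-src 'none'; base-uri 'none'"
end

# Matches the nonce-source form defined by CSP: 'nonce-<base64-value>'.
NONCE_RE = /'nonce-([A-Za-z0-9+\/=_-]+)'/

# Return every nonce value present in one Content-Security-Policy header value.
def nonces_in(header)
  header.scan(NONCE_RE).flatten
end

# Detection helper: given the CSP header values observed on separate
# responses, return { nonce => response_count } for nonces seen on more than
# one response. An empty Hash means every response carried a fresh nonce.
def reused_nonces(headers)
  counts = Hash.new(0)
  headers.each do |h|
    nonces_in(h).uniq.each { |n| counts[n] += 1 }
  end
  counts.select { |_, c| c > 1 }
end

# Constructed sample (not captured from a real site): three responses,
# two of which carry the same nonce.
SAMPLE_HEADERS = [
  "script-src 'self' 'nonce-AAAAAAAAAAAAAAAAAAAAAA=='; object-src 'none'",
  "script-src 'self' 'nonce-AAAAAAAAAAAAAAAAAAAAAA=='; object-src 'none'",
  "script-src 'self' 'nonce-Zm9vYmFyYmF6cXV4MTIzNA=='; object-src 'none'",
].freeze

if __FILE__ == $PROGRAM_NAME
  # The broken case: the sample set reports the repeated nonce.
  puts "reused in sample: #{reused_nonces(SAMPLE_HEADERS).inspect}"
  # The correct case: two freshly generated headers share nothing.
  fresh = [csp_header(fresh_nonce), csp_header(fresh_nonce)]
  puts "reused in fresh headers: #{reused_nonces(fresh).inspect}"
end
```

In practice the header values would come from a handful of responses fetched from your own instance (including pages that render third-party tags such as Google Tag Manager); any nonce that repeats across responses is a finding, independent of whether an XSS vector exists at the time.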

Patches

The vulnerability is patched in the latest tests-passed, beta and stable branches.

Workarounds

A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the gtm container id setting.

Severity

Moderate, 6.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE ID

CVE-2023-36473

Weaknesses

No CWEs