How severe is CVE-2023-37467?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-37467?

This is classified as CWE-323, which is a common weakness in software security.

CVE-2023-37467

MEDIUM Year: 2023

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-323

View all →

Vulnerability Description

Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.

CVE-2017-13078

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points t...

CWE-3232017

CVE-2017-13079

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range...

CWE-3232017

CVE-2017-13080

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points ...

CWE-3232017

CVE-2017-13081

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio rang...

CWE-3232017

CVE-2017-13088

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response fram...

CWE-3232017

CVE-2024-23688

MEDIUM

CVSS:5.3(Medium)

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the se...

CWE-3232024

CVE-2023-37467

Vulnerability Description

Related Vulnerabilities

CVE-2017-13078

CVE-2017-13079

CVE-2017-13080

CVE-2017-13081

CVE-2017-13088

CVE-2024-23688