CVE-2026-27570
EPSS: 0.02%

Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

Published: 2026/3/27  Modified: 2026/4/2

Description
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization, which allows stored cross-site scripting through a crafted title. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, tighten access by restricting the `ai_bot_public_sharing_allowed_groups` site setting to trusted groups.
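The defect class described above (a user-controlled title interpolated straight into an HTML fragment) and its fix are illustrated below with a small Ruby example. This is added illustration, not Discourse's own code: the `unsafe_onebox`, `safe_onebox` and `stray_tags?` names and the markup are assumptions, and the sample title is constructed. It uses only `ERB::Util.html_escape` from the Ruby standard library.

```ruby
require "erb"

# Constructed example of the vulnerable pattern: the title is placed into
# markup verbatim, so any tags it contains become part of the page.
def unsafe_onebox(title)
  "<div class=\"ai-conversation\"><h3>#{title}</h3></div>"
end

# Hardened form: escape the title before it is embedded. html_escape encodes
# & < > " and ', so the title can only ever render as text.
def safe_onebox(title)
  escaped = ERB::Util.html_escape(title)
  "<div class=\"ai-conversation\"><h3>#{escaped}</h3></div>"
end

# Defensive check suitable for a unit test: remove the tags the template
# itself emits and see whether any other tag opener survives. Any leftover
# '<' means untrusted markup reached the output.
def stray_tags?(html)
  html.gsub(%r{</?(div|h3)[^>]*>}, "").include?("<")
end

# Constructed sample title containing HTML metacharacters (not a payload).
SAMPLE_TITLE = "Hello <b>world</b> & \"friends\""

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: #{unsafe_onebox(SAMPLE_TITLE)}  stray tags? #{stray_tags?(unsafe_onebox(SAMPLE_TITLE))}"
  puts "safe:   #{safe_onebox(SAMPLE_TITLE)}  stray tags? #{stray_tags?(safe_onebox(SAMPLE_TITLE))}"
end
```

In a Rails code base the same escaping happens automatically in ERB views, but a model method that builds an HTML string by hand and hands it back as raw markup bypasses that layer, which is why the fix has to be applied at the point where the string is assembled.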
Affected packages (1)
- Bitnami/discourse: >= 2026.1.0, < 2026.1.2; >= 2026.2.0, < 2026.2.1; >= 2026.3.0, < 2026.3.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
References (5)
- https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1
- https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1
- https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc
- https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv
- https://nvd.nist.gov/vuln/detail/CVE-2026-27570