Filtered by vendor Discourse
Subscribe
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23622 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 4.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions. | |||||
| CVE-2023-25167 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 5.7 MEDIUM |
| Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-46150 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 4.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users. | |||||
| CVE-2022-46148 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 5.4 MEDIUM |
| Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. | |||||
| CVE-2023-28111 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 7.5 HIGH |
| Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-23548 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 6.5 MEDIUM |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. | |||||
| CVE-2023-26040 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 6.1 MEDIUM |
| Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds. | |||||
| CVE-2022-46162 | 1 Discourse | 1 Discourse Bbcode | 2024-02-04 | N/A | 9.8 CRITICAL |
| discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode. | |||||
| CVE-2023-25819 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. | |||||
| CVE-2022-39270 | 1 Discourse | 1 Discotoc | 2024-02-04 | N/A | 5.4 MEDIUM |
| DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component. | |||||
| CVE-2022-39232 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console. | |||||
| CVE-2022-31182 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 5.3 MEDIUM |
| Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-37458 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 7.2 HIGH |
| Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | |||||
| CVE-2022-39279 | 1 Discourse | 1 Discourse-chat | 2024-02-04 | N/A | 5.4 MEDIUM |
| discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-39241 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 4.9 MEDIUM |
| Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. | |||||
| CVE-2022-36057 | 1 Discourse | 1 Discourse-chat | 2024-02-04 | N/A | 4.8 MEDIUM |
| Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue. | |||||
| CVE-2022-39378 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 5.3 MEDIUM |
| Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available. | |||||
| CVE-2022-39355 | 1 Discourse | 1 Patreon | 2024-02-04 | N/A | 9.8 CRITICAL |
| Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. | |||||
| CVE-2022-39356 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 8.8 HIGH |
| Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. | |||||
| CVE-2022-31184 | 1 Discourse | 1 Discourse | 2024-02-04 | N/A | 7.5 HIGH |
| Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. | |||||