CVE-2023-44384 – Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
https://notcve.org/view.php?id=CVE-2023-44384
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials used by the application, potentially with elevated permissions.
• References: https://github.com/discourse/discourse-jira/commit/8a2d3ad228883199fd5f081cc93d173c88e2e48f https://github.com/discourse/discourse-jira/pull/50 https://github.com/discourse/discourse-jira/security/advisories/GHSA-pmv5-h2x6-35fh
• CWE-691: Insufficient Control Flow Management; CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-43657 – Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
https://notcve.org/view.php?id=CVE-2023-43657
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross-site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9`, which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade.
• References: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41043 – Discourse DoS via SvgSprite cache
https://notcve.org/view.php?id=CVE-2023-41043
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations.
• References: https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-41042 – Discourse DoS via remote theme assets
https://notcve.org/view.php?id=CVE-2023-41042
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads its assets into memory without enforcing limits on file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
• References: https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-40588 – Discourse DoS via 2FA and Security Key Names
https://notcve.org/view.php?id=CVE-2023-40588
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
• References: https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx
• CWE-770: Allocation of Resources Without Limits or Throttling