CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31182 – Cache poisoning via maliciously-formed request in Discourse
https://notcve.org/view.php?id=CVE-2022-31182
01 Aug 2022 — Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31096 – Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse
https://notcve.org/view.php?id=CVE-2022-31096
27 Jun 2022 — Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to... • https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r • CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31060 – Banner topic data is exposed on login-required Discourse sites
https://notcve.org/view.php?id=CVE-2022-31060
14 Jun 2022 — Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. Discourse es una plataforma de discusión de código abierto. • https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31025 – Invite bypasses user approval in Discourse
https://notcve.org/view.php?id=CVE-2022-31025
03 Jun 2022 — Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_l... • https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf • CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24850 – Category group permissions leaked in Discourse
https://notcve.org/view.php?id=CVE-2022-24850
14 Apr 2022 — Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem. • https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24824 – Anonymous user cache poisoning in discourse
https://notcve.org/view.php?id=CVE-2022-24824
14 Apr 2022 — Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24804 – Private group name exposure in discourse
https://notcve.org/view.php?id=CVE-2022-24804
11 Apr 2022 — Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. Discourse es una plataforma de código abierto pa... • https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24782 – Secure category names leaked via user activity export in Discourse
https://notcve.org/view.php?id=CVE-2022-24782
24 Mar 2022 — Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. • https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23641 – Denial of Service in Discourse
https://notcve.org/view.php?id=CVE-2022-23641
15 Feb 2022 — Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable ... • https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21677 – Group advanced search option may leak group and group's members visibility
https://notcve.org/view.php?id=CVE-2022-21677
14 Jan 2022 — Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a group's visibility and the group's members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.... • https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •