CVE-2023-26040 – Discourse chat messages susceptible to Cross-site Scripting through chat excerpts
https://notcve.org/view.php?id=CVE-2023-26040
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.
• https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70
• https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23622 – Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
https://notcve.org/view.php?id=CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any user can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
• https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
• https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f
• https://github.com/discourse/discourse/pull/20004
• https://github.com/discourse/discourse/pull/20005
• https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-23935 – Presence of restricted personal Discourse messages may be leaked if tagged with a tag
https://notcve.org/view.php?id=CVE-2023-23935
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any user can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting.
• https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37
• https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-25819 – Discourse tags with no visibility are leaking into og:article:tag
https://notcve.org/view.php?id=CVE-2023-25819
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse.
• https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831
• https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-25167 – Regular expression denial of service via installing themes via git in discourse
https://notcve.org/view.php?id=CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.
• https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd
• https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w
• CWE-1333: Inefficient Regular Expression Complexity