CVE-2023-23615 – Malicious users in Discourse can create spam topics as any user due to improper access control
https://notcve.org/view.php?id=CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.
References: https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8
CWE-284: Improper Access Control
CVE-2023-23624 – Discourse's exclude_tags param could leak which topics had a specific hidden tag
https://notcve.org/view.php?id=CVE-2023-23624
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
References: https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a https://github.com/discourse/discourse/pull/20006 https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-23621 – Discourse vulnerable to ReDoS in user agent parsing
https://notcve.org/view.php?id=CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References: https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458 https://github.com/discourse/discourse/pull/20002 https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv
CWE-1333: Inefficient Regular Expression Complexity
CVE-2023-22740 – Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts
https://notcve.org/view.php?id=CVE-2023-22740
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed).
References: https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576 https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-23616 – Discourse membership requests lack character limit
https://notcve.org/view.php?id=CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However, it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests.
References: https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea https://github.com/discourse/discourse/pull/19993 https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf
CWE-400: Uncontrolled Resource Consumption