CVE-2023-22740 – Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts
https://notcve.org/view.php?id=CVE-2023-22740
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). • https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576 https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-23616 – Discourse membership requests lack character limit
https://notcve.org/view.php?id=CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. • https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea https://github.com/discourse/discourse/pull/19993 https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-23620 – Discourse restricted tag routes leak topic information
https://notcve.org/view.php?id=CVE-2023-23620
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 https://github.com/discourse/discourse/pull/20004 https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-22739 – Discourse subject to Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2023-22739
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-22468 – Discourse vulnerable to Cross-site Scripting in local oneboxes
https://notcve.org/view.php?id=CVE-2023-22468
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). • https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •