CVSS: 4.3EPSS: 0%CPEs: 208EXPL: 0CVE-2023-23935 – Presence of restricted personal Discourse messages may be leaked if tagged with a tag
https://notcve.org/view.php?id=CVE-2023-23935
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting. • https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37 https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25169 – Yearly Review Plugin leaking anonymised users data in discourse-yearly-review
https://notcve.org/view.php?id=CVE-2023-25169
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. • https://github.com/discourse/discourse-yearly-review/commit/b3ab33bbf7130fca54764cf0336395a8a1eeaf3c https://github.com/discourse/discourse-yearly-review/security/advisories/GHSA-x2r8-v85c-x3x7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25819 – Discourse tags with no visibility are leaking into og:article:tag
https://notcve.org/view.php?id=CVE-2023-25819
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. • https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831 https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25167 – Regular expression denial of service via installing themes via git in discourse
https://notcve.org/view.php?id=CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 208EXPL: 0CVE-2023-23615 – Malicious users in Discourse can create spam topics as any user due to improper access control
https://notcve.org/view.php?id=CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. • https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 • CWE-284: Improper Access Control •