CVE-2022-39378 – Displaying user badges can leak topic titles to users that have no access to the topic
https://notcve.org/view.php?id=CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-39241 – Possible Server-Side Request Forgery (SSRF) in webhooks
https://notcve.org/view.php?id=CVE-2022-39241
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. Discourse es una plataforma para la discusión comunitaria. • https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-39232 – Discourse vulnerable to incomplete quote causing a topic to crash in the browser
https://notcve.org/view.php?id=CVE-2022-39232
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console. Discourse es una plataforma de debate de código abierto. • https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530 https://github.com/discourse/discourse/pull/18311 https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5 • CWE-20: Improper Input Validation •
CVE-2022-39226 – Discourse user profile location and website fields were not sufficiently length-limited
https://notcve.org/view.php?id=CVE-2022-39226
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. Discourse es una plataforma de discusión de código abierto. • https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71 https://github.com/discourse/discourse/pull/18302 https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-36068 – Discourse moderators can edit themes via the API
https://notcve.org/view.php?id=CVE-2022-36068
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. Discourse es una plataforma de debate de código abierto. • https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 https://github.com/discourse/discourse/pull/18418 https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q • CWE-862: Missing Authorization •