CVE-2022-39378 – Displaying user badges can leak topic titles to users that have no access to the topic
https://notcve.org/view.php?id=CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-39241 – Possible Server-Side Request Forgery (SSRF) in webhooks
https://notcve.org/view.php?id=CVE-2022-39241
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. Discourse es una plataforma para la discusión comunitaria. • https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-39226 – Discourse user profile location and website fields were not sufficiently length-limited
https://notcve.org/view.php?id=CVE-2022-39226
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. Discourse es una plataforma de discusión de código abierto. • https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71 https://github.com/discourse/discourse/pull/18302 https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-36068 – Discourse moderators can edit themes via the API
https://notcve.org/view.php?id=CVE-2022-36068
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. Discourse es una plataforma de debate de código abierto. • https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 https://github.com/discourse/discourse/pull/18418 https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q • CWE-862: Missing Authorization •
CVE-2022-36066 – Discourse vulnerable to RCE via admins uploading maliciously zipped file
https://notcve.org/view.php?id=CVE-2022-36066
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. Discourse es una plataforma de debate de código abierto. • https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835 https://github.com/discourse/discourse/pull/18421 https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv • CWE-434: Unrestricted Upload of File with Dangerous Type •