CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36122 – Discourse doesn't limit reviewable user serializer payload
https://notcve.org/view.php?id=CVE-2024-36122
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue. • https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4 https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47 https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36113 – Discourse missing authorization checks for suspending admins/moderators
https://notcve.org/view.php?id=CVE-2024-36113
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available. • https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g • CWE-862: Missing Authorization •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35234 – Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
https://notcve.org/view.php?id=CVE-2024-35234
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum. • https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2 https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35227 – Discourse vulnerable to DoS through Onebox
https://notcve.org/view.php?id=CVE-2024-35227
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. • https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36 https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27085 – Denial of service through invites in Discourse
https://notcve.org/view.php?id=CVE-2024-27085
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting. • https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295 https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6 • CWE-400: Uncontrolled Resource Consumption •