CVE-2022-24850 – Category group permissions leaked in Discourse
https://notcve.org/view.php?id=CVE-2022-24850
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem. • https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-24824 – Anonymous user cache poisoning in discourse
https://notcve.org/view.php?id=CVE-2022-24824
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-24804 – Private group name exposure in discourse
https://notcve.org/view.php?id=CVE-2022-24804
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. Discourse es una plataforma de código abierto para el debate comunitario. • https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVE-2022-24782 – Secure category names leaked via user activity export in Discourse
https://notcve.org/view.php?id=CVE-2022-24782
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. • https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 https://github.com/discourse/discourse/pull/16273 https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-23641 – Denial of Service in Discourse
https://notcve.org/view.php?id=CVE-2022-23641
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed. • https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e https://github.com/discourse/discourse/pull/15927 https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •