CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2022-39378 – Displaying user badges can leak topic titles to users that have no access to the topic
https://notcve.org/view.php?id=CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-39241 – Possible Server-Side Request Forgery (SSRF) in webhooks
https://notcve.org/view.php?id=CVE-2022-39241
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. Discourse es una plataforma para la discusión comunitaria. • https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39355 – Discourse Patreon vulnerable to improper validation of email during Patreon authentication
https://notcve.org/view.php?id=CVE-2022-39355
Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. • https://github.com/discourse/discourse-patreon/commit/846d012151514b35ce42a1636c7d70f6dcee879e https://github.com/discourse/discourse-patreon/security/advisories/GHSA-fvj9-f67v-qpr4 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39279 – Discourse-chat plugin susceptible to XSS in channel name and description
https://notcve.org/view.php?id=CVE-2022-39279
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue. discourse-chat es un plugin para el tablero de mensajes Discourse que añade funcionalidad de chat. • https://github.com/discourse/discourse-chat/commit/25737733af48e5b9fa60b0561d7fde14bea13cce https://github.com/discourse/discourse-chat/security/advisories/GHSA-qp62-8m3c-9jgj • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39270 – Arbitrary HTML injection in table-of-contents theme component in DiscoTOC
https://notcve.org/view.php?id=CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component. • https://github.com/discourse/DiscoTOC/commit/f80c215a283cd045d2a371403e6eba88b2911192 https://github.com/discourse/DiscoTOC/security/advisories/GHSA-m44p-w923-w32h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •