CVE-2021-41163 – RCE via malicious SNS subscription payload
https://notcve.org/view.php?id=CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy. • https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9 https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-41095 – XSS via blocked watched word in error message
https://notcve.org/view.php?id=CVE-2021-41095
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. • https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59 https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24327
https://notcve.org/view.php?id=CVE-2020-24327
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. Se presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) en Discourse 2.3.2 y 2.6, por medio de la función de correo electrónico. Cuando se escribe un correo electrónico en un editor, se pueden cargar imágenes de sitios web remotos • https://github.com/discourse/discourse/pull/10509 https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-41082 – Private message title and participating users leaked in discourse
https://notcve.org/view.php?id=CVE-2021-41082
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. • https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVE-2021-39161 – Cross-site scripting via category name in Discourse
https://notcve.org/view.php?id=CVE-2021-39161
Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. • https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •