CVE-2021-43794 – Anonymous user cache poisoning via development-mode header in Discourse
https://notcve.org/view.php?id=CVE-2021-43794
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache used for anonymous (not logged in) users so that those users are served a JSON blob in place of the HTML page, which amounts to a partial denial of service. The issue is patched in the latest stable, beta and tests-passed versions of Discourse.
• https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1
• https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2021-43792 – Notifications leak in Discourse
https://notcve.org/view.php?id=CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups that use the "Tags are visible only to the following groups" feature. A tag group may restrict certain tags so that only a given group (e.g. staff) can see them. A user who was tracking or watching such tags via /preferences/tags and then has their staff status revoked continues to receive notifications related to the tag, even though the tag itself is no longer shown on topics. This issue has been patched in stable version 2.7.11.
• https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4
• https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522
• https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
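The practitioner's lesson from CVE-2021-43792 is that a subscription created while a user could see a tag is not proof that the user may still see it. The Ruby below is an added illustration of re-checking tag visibility at delivery time, written for this page and not taken from Discourse's code; the TagGroup, User and Notification structures, STAFF_GROUP_ID and the function names are all constructed for the example.

```ruby
# Added example (not Discourse's code): decide whether a tag-triggered
# notification may be delivered by checking the tag's visibility against the
# user's *current* groups, not against the watch list alone.
TagGroup     = Struct.new(:name, :tags, :allowed_group_ids) # empty allowed_group_ids => public
User         = Struct.new(:name, :group_ids, :watched_tags)
Notification = Struct.new(:topic, :tags)

STAFF_GROUP_ID = 1 # constructed id for the "staff" group

# A tag is visible when every restricted tag group containing it admits one of
# the user's groups. Tags in no restricted group are visible to everyone.
def tag_visible?(user, tag, tag_groups)
  restricting = tag_groups.select { |g| g.tags.include?(tag) && !g.allowed_group_ids.empty? }
  restricting.all? { |g| (g.allowed_group_ids & user.group_ids).any? }
end

# Leaky check: "is the user watching one of this topic's tags?" It keeps
# answering true after the user's group membership is revoked.
def watching_only?(user, notification)
  (notification.tags & user.watched_tags).any?
end

# Correct check: the triggering tag must be watched AND still visible now.
def deliver?(user, notification, tag_groups)
  (notification.tags & user.watched_tags).any? { |t| tag_visible?(user, t, tag_groups) }
end

# Housekeeping an implementation would also want: drop watch entries for tags
# the user can no longer see, so /preferences/tags does not keep a stale link.
def prune_watched_tags!(user, tag_groups)
  user.watched_tags.select! { |t| tag_visible?(user, t, tag_groups) }
  user.watched_tags
end

# Walk through the advisory's scenario: a staff member watches a staff-only
# tag, then loses staff status. Returns [leaky_before, leaky_after,
# correct_before, correct_after, watched_tags_after_prune].
def demo
  groups = [TagGroup.new("staff-only", ["internal"], [STAFF_GROUP_ID])]
  alice  = User.new("alice", [STAFF_GROUP_ID], ["internal", "ruby"])
  note   = Notification.new("Roadmap", ["internal"])

  leaky_before   = watching_only?(alice, note)
  correct_before = deliver?(alice, note, groups)

  alice.group_ids.delete(STAFF_GROUP_ID) # staff status revoked

  leaky_after   = watching_only?(alice, note)
  correct_after = deliver?(alice, note, groups)

  [leaky_before, leaky_after, correct_before, correct_after, prune_watched_tags!(alice, groups)]
end
```

The design point is that authorization is evaluated at read time against current state; caching the decision inside the watch list is what turns a revocation into a leak.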
CVE-2021-41271 – Cache poisoning via maliciously-formed request in discourse
https://notcve.org/view.php?id=CVE-2021-41271
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies and then served to other users, which could cause a loss of confidentiality for some content. The issue is patched in the latest stable, beta and tests-passed versions of Discourse.
• https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1
• https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
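The two cache-poisoning advisories above, CVE-2021-43794 (JSON served in place of HTML) and CVE-2021-41271 (an error response cached), share one failure pattern: a cache shared by all anonymous visitors stores whatever response one crafted request produced. The Ruby below is an added illustration of that pattern beside a stricter cache; it is not Discourse's own middleware. The origin app, the hypothetical X-Want-Json and X-Crash request headers, and both cache classes are constructed for this example.

```ruby
# Added example (not Discourse's code): a minimal anonymous-visitor cache in
# front of a web app, showing how a path-keyed cache is poisoned by one
# crafted request and how a stricter cache avoids it.
require "json"

# Constructed origin app. A request is a Hash with :path, :headers and
# :logged_in. Two hypothetical headers stand in for "a crafted request":
# X-Want-Json switches the response to JSON (as a development-mode or
# format-switching header might) and X-Crash makes the app return a 500.
def origin(req)
  return [404, { "Content-Type" => "text/html" }, "<h1>Not found</h1>"] unless req[:path] == "/"
  return [500, { "Content-Type" => "text/html" }, "<h1>Error</h1>"] if req[:headers]["X-Crash"]
  if req[:headers]["X-Want-Json"] == "1"
    [200, { "Content-Type" => "application/json" }, JSON.generate("title" => "Home")]
  else
    [200, { "Content-Type" => "text/html" }, "<html><body>Home</body></html>"]
  end
end

# Vulnerable pattern: one shared entry per path for every anonymous visitor,
# stored regardless of which headers shaped the response or whether it was an
# error. Whoever hits the path first decides what everyone else sees.
class NaiveAnonymousCache
  def initialize(app)
    @app = app
    @store = {}
  end

  def call(req)
    return @app.call(req) if req[:logged_in]
    @store[req[:path]] ||= @app.call(req)
  end
end

# Hardened pattern: the cache key includes every request attribute that can
# change the response, and only successful HTML responses are ever stored.
class StrictAnonymousCache
  def initialize(app)
    @app = app
    @store = {}
  end

  def call(req)
    return @app.call(req) if req[:logged_in]
    key = [req[:path], req[:headers]["X-Want-Json"]]
    hit = @store[key]
    return hit if hit
    status, headers, _body = resp = @app.call(req)
    @store[key] = resp if status == 200 && headers["Content-Type"].start_with?("text/html")
    resp
  end
end

# An attacker primes the cache with a crafted anonymous request, then an
# ordinary anonymous visitor asks for the same page. Returns the visitor's
# [status, headers, body].
def poison_and_fetch(cache_class, attacker_headers)
  cache = cache_class.new(method(:origin))
  cache.call(path: "/", headers: attacker_headers, logged_in: false)
  cache.call(path: "/", headers: {}, logged_in: false)
end
```

The second class shows the two checks a practitioner should look for in any anonymous cache: a key that covers every input the response depends on, and a cacheability rule that refuses non-200 or unexpected content types.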
CVE-2021-41163 – RCE via malicious SNS subscription payload
https://notcve.org/view.php?id=CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution, caused by a lack of validation of subscribe_url values (the SNS subscription-confirmation URL carried in the webhook payload). The issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround without updating, requests whose path starts with /webhooks/aws can be blocked at an upstream proxy.
• https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9
• https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
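A SubscribeURL arriving in an inbound SNS webhook body is attacker-reachable input and should be allowlisted before anything is done with it. The Ruby below is an added example of such validation written for this page; it is not Discourse's fix. The allowlist rule (https only, host matching sns.<region>.amazonaws.com, no userinfo), the SNS_HOST pattern and the function names are this example's own assumptions about what a safe SubscribeURL looks like.

```ruby
# Added example (not Discourse's code): treat the SNS SubscribeURL from a
# SubscriptionConfirmation payload as untrusted and validate it against an
# allowlist before it is ever fetched.
require "json"
require "uri"

# Assumed shape of an SNS endpoint host; adjust to the regions you actually use.
SNS_HOST = /\Asns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?\z/

class UnsafeSubscribeUrl < StandardError; end

# Returns a URI object for an acceptable SubscribeURL, raises otherwise.
# Returning the parsed URI (not the raw string) matters: a later fetch should
# use Net::HTTP on this object. Never hand the raw string to Kernel#open,
# which treats a value beginning with "|" as a shell command to run.
def validate_subscribe_url(raw)
  uri = URI.parse(raw.to_s)
  ok = uri.is_a?(URI::HTTPS) &&
       uri.host &&
       SNS_HOST.match?(uri.host) &&
       uri.userinfo.nil?
  raise UnsafeSubscribeUrl, "rejected SubscribeURL: #{raw.inspect}" unless ok
  uri
rescue URI::InvalidURIError
  raise UnsafeSubscribeUrl, "unparseable SubscribeURL: #{raw.inspect}"
end

# Extracts and validates the SubscribeURL from a webhook body; nil when the
# message is not a SubscriptionConfirmation (nothing to confirm then).
def subscribe_url_from(body)
  json = JSON.parse(body)
  return nil unless json["Type"] == "SubscriptionConfirmation"
  validate_subscribe_url(json["SubscribeURL"])
end

# Convenience predicate for tests and logging.
def safe_subscribe_url?(raw)
  validate_subscribe_url(raw)
  true
rescue UnsafeSubscribeUrl
  false
end
```

Note that the allowlist is only one layer: the SNS message signature should still be verified, and the upstream-proxy block on /webhooks/aws that the advisory suggests is the quickest mitigation when patching is delayed.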
CVE-2021-41095 – XSS via blocked watched word in error message
https://notcve.org/view.php?id=CVE-2021-41095
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS. The vulnerability only affects sites that have blocked watched words containing HTML tags and that have modified or disabled Discourse's default Content Security Policy. The issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse.
• https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59
• https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
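The advisory names two preconditions: a watched word containing HTML reaches an error message unescaped, and the site's CSP no longer blocks inline script. The Ruby below is an added example covering both checks; it is written for this page and is not Discourse's code or its fix. The message wording, the watched-word list and the function names are constructed for the example, and the CSP parser is a deliberately small reading of the header, not a full CSP implementation.

```ruby
# Added example (not Discourse's code): build a "blocked word" error message
# with the offending word escaped, and spot a CSP that would let an unescaped
# word's inline script run.
require "erb"

# Constructed watched words; the second one is the kind the advisory warns
# about: admin-entered, but containing markup.
WATCHED_WORDS = ["spamword", "<img src=x onerror=alert(1)>"].freeze

# First watched word found in the post, case-insensitively (constructed matcher).
def find_blocked_word(post, watched_words = WATCHED_WORDS)
  watched_words.find { |w| post.downcase.include?(w.downcase) }
end

# Vulnerable pattern: the word is interpolated into an HTML-bound message as-is.
def blocked_word_error_unsafe(word)
  "Your post contains a word that isn't allowed: #{word}"
end

# Hardened pattern: the word is data, so it is HTML-escaped before rendering.
def blocked_word_error(word)
  "Your post contains a word that isn't allowed: #{ERB::Util.html_escape(word)}"
end

# True when the CSP would execute an inline <script> or on* handler:
# no script-src/default-src at all, or 'unsafe-inline' without a nonce or hash
# source (browsers ignore 'unsafe-inline' once a nonce/hash is present).
def csp_allows_inline_script?(csp)
  directives = csp.split(";")
                  .map(&:strip)
                  .reject(&:empty?)
                  .map { |d| d.split(/\s+/) }
                  .to_h { |name, *sources| [name, sources] }
  sources = directives["script-src"] || directives["default-src"]
  return true if sources.nil?
  sources.include?("'unsafe-inline'") &&
    sources.none? { |s| s.start_with?("'nonce-", "'sha256-", "'sha384-", "'sha512-") }
end
```

Escaping at the render boundary is the real fix; the CSP check is the second line of defence that made the default Discourse configuration safe even before the patch.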