CVE-2022-24824 – Anonymous user cache poisoning in discourse
https://notcve.org/view.php?id=CVE-2022-24824
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-24804 – Private group name exposure in discourse
https://notcve.org/view.php?id=CVE-2022-24804
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To work around the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. • https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVE-2022-24782 – Secure category names leaked via user activity export in Discourse
https://notcve.org/view.php?id=CVE-2022-24782
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. • https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 https://github.com/discourse/discourse/pull/16273 https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-23641 – Denial of Service in Discourse
https://notcve.org/view.php?id=CVE-2022-23641
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an infinite loop, which causes memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox completely in the admin panel or specify an allow list of domains that will be oneboxed. • https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e https://github.com/discourse/discourse/pull/15927 https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-21677 – Group advanced search option may leak group and group's members visibility
https://notcve.org/view.php?id=CVE-2022-21677
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a group's visibility and the group's members visibility can be configured such that it is restricted to logged-on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group's visibility and members visibility level. • https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44 https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •