CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21684 – User can bypass approval when invited to Discourse
https://notcve.org/view.php?id=CVE-2022-21684
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. • https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2 https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21678 – User's bio visible even if profile is restricted in Discourse
https://notcve.org/view.php?id=CVE-2022-21678
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse. Discourse es una plataforma de debate de código abierto. En versiones anteriores a 2.8.0.beta11 en la rama "tests-passed", la versión 2.8.0.beta11 en la rama "beta", y la versión 2.7.13 en la rama "stable", las biografías de los usuarios que hacían sus perfiles privados seguían siendo visibles en las etiquetas "(meta)" de sus páginas de usuario. • https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21642 – Exposure of whisper participants in discourse
https://notcve.org/view.php?id=CVE-2022-21642
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade. Discourse es una plataforma de código abierto para la discusión comunitaria. • https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 1CVE-2021-43850 – Denial of Service in discourse
https://notcve.org/view.php?id=CVE-2021-43850
Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. • https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39 https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43840 – Path traversal in message_bus
https://notcve.org/view.php?id=CVE-2021-43840
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which uses a proxy, the impact varies. For example, If a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. • https://github.com/discourse/message_bus/commit/9b6deee01ed474c7e9b5ff65a06bb0447b4db2ba https://github.com/discourse/message_bus/security/advisories/GHSA-xmgj-5fh3-xjmm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •