CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45051 – Bypass of email address validation via encoded email addresses in Discourse
https://notcve.org/view.php?id=CVE-2024-45051
07 Oct 2024 — Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45303 – Discourse Calendar plugin event names susceptible to XSS
https://notcve.org/view.php?id=CVE-2024-45303
12 Sep 2024 — Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin. • https://github.com/discourse/discourse-calendar/commit/81e1c8e3c4c02276fb890da7e3f684259aeb685c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21658 – Insufficient control of region value length in discourse-calendar
https://notcve.org/view.php?id=CVE-2024-21658
30 Aug 2024 — discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. • https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43408 – Discourse Placeholder Forms has a XSS stopped by CSP
https://notcve.org/view.php?id=CVE-2024-43408
20 Aug 2024 — Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7. • https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39320 – Discourse allows iframe injection though default site setting
https://notcve.org/view.php?id=CVE-2024-39320
30 Jul 2024 — Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. • https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37299 – Discourse vulnerable to DoS via Tag Group
https://notcve.org/view.php?id=CVE-2024-37299
30 Jul 2024 — Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. • https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37165 – Discourse has an XSS via Onebox system
https://notcve.org/view.php?id=CVE-2024-37165
30 Jul 2024 — Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3. • https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38360 – Denial of service via Watched Words in Discourse
https://notcve.org/view.php?id=CVE-2024-38360
15 Jul 2024 — Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console. • https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37157 – Discourse vulnerable to Server-Side Request Forgery via FastImage
https://notcve.org/view.php?id=CVE-2024-37157
03 Jul 2024 — Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available. • https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36122 – Discourse doesn't limit reviewable user serializer payload
https://notcve.org/view.php?id=CVE-2024-36122
03 Jul 2024 — Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing... • https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •