
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Mar 2024 — Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it is easier for an attacker to carry out a DoS attack on the server, since creating an upload can be a resource-intensive process. Do note that the impact varies from site to site, as site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` determine the amount of resources used when creating an upload. The issue is patched in the latest stab... • https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

30 Jan 2024 — Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. • https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Jan 2024 — Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. • https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 • CWE-284: Improper Access Control •

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Jan 2024 — Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4. • https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Jan 2024 — Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here), which can lead to a very long array of users. This issue was patched in versions 3.1.4 and 3.2.0.beta5. • https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. • https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Nov 2023 — Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 1

10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/BaadMaro/CVE-2023-47119 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected; only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch a... • https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and... • https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •