CVE-2024-28242 – Disclosure of the existence of secret categories with custom backgrounds in Discourse
https://notcve.org/view.php?id=CVE-2024-28242
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.
References: https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39 , https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-24748 – Disclosure of the existence of secret subcategories in Discourse
https://notcve.org/view.php?id=CVE-2024-24748
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193 , https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-24827 – No rate limits on POST /uploads endpoint in Discourse
https://notcve.org/view.php?id=CVE-2024-24827
Discourse is an open source platform for community discussion. Because there is no rate limit on the POST /uploads endpoint, it is easier for an attacker to carry out a DoS attack on the server, since creating an upload can be a resource-intensive process. Note that the impact varies from site to site, as site settings such as `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade.
References: https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae , https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4
CWE-400: Uncontrolled Resource Consumption
CVE-2024-24817 – User can see invitees in events created in PMs and private categories
https://notcve.org/view.php?id=CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they are not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` prevents anonymous users from using this endpoint, but logged-in users can still get the list of invitees in the private topics.
References: https://github.com/discourse/discourse-calendar/commit/84ef46a38cf02748ecacad16c5d9c6fec12dc8da , https://github.com/discourse/discourse-calendar/security/advisories/GHSA-wwq5-g5cp-c69f
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-23654 – discourse-ai admin-initiated SSRF when interacting with AI services
https://notcve.org/view.php?id=CVE-2024-23654
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.
References: https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd , https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc
CWE-918: Server-Side Request Forgery (SSRF)