CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24817 – User can see invitees in events created in PMs and private categories
https://notcve.org/view.php?id=CVE-2024-24817
22 Feb 2024 — Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` will disallow this endpoint to be used by anonymous... • https://github.com/discourse/discourse-calendar/commit/84ef46a38cf02748ecacad16c5d9c6fec12dc8da • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23654 – discourse-ai admin-initiated SSRF when interacting with AI services
https://notcve.org/view.php?id=CVE-2024-23654
21 Feb 2024 — discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin. discurso-ai es el complemento de inteligencia artificial para la plataforma de discusión de código abierto Discourse. Antes de... • https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46241 – Potential account take over due to unverified emails from Microsoft Identity Platform
https://notcve.org/view.php?id=CVE-2023-46241
21 Feb 2024 — `discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than `Accounts in this organizational directory only (O365 only - Single tenant)` are vulnerable. This vulnerability has been patched in commit c40665f44509724b64938c85def9fb2e79f62ec8 of `discourse-microsoft-auth`. ... • https://github.com/discourse/discourse-microsoft-auth/commit/c40665f44509724b64938c85def9fb2e79f62ec8 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24755 – discourse-group-membership-ip-block is exposing potentially sensitive custom fields
https://notcve.org/view.php?id=CVE-2024-24755
01 Feb 2024 — discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret. discourse-group-membership-ip-block es un complemento de discourse que agrega soporte para agregar usuarios a grupos según su dirección IP. discourse-group-membership-ip-block estaba enviando... • https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23834 – Discourse improperly sanitized user input leads to XSS
https://notcve.org/view.php?id=CVE-2024-23834
30 Jan 2024 — Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. • https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-49099 – Discourse secure uploads accessible to guests even when login is required
https://notcve.org/view.php?id=CVE-2023-49099
12 Jan 2024 — Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. Discourse es una plataforma para la discusión comunitaria. En circunstancias muy específicas, los usuarios invitados pueden acceder a las URL de carga segura asociadas con las publicaciones incluso cuando se requiere iniciar sesión. • https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-21655 – Insufficient control of custom field value sizes
https://notcve.org/view.php?id=CVE-2024-21655
12 Jan 2024 — Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4. Discourse es una plataforma para la discusión comunitaria. • https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49098 – Reaction data for user notifications exposed in Discourse-reactions
https://notcve.org/view.php?id=CVE-2023-49098
12 Jan 2024 — Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939. Discourse-reactions es un complemento que permite al usuario agregar sus reacciones a la publicación. Los datos sobre las notificaciones de reacción de un usuario podrían quedar expuestos. • https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48297 – Discourse vulnerable to unlimited mentioned users in message serializer
https://notcve.org/view.php?id=CVE-2023-48297
12 Jan 2024 — Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. Discourse es una plataforma para la discusión comunitaria. El serializador de mensajes utiliza la lista completa de menciones de chat ampliadas (@all y @here), lo que puede conducir a una gran variedad de usuarios. • https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47121 – Discourse SSRF vulnerability in Embedding
https://notcve.org/view.php?id=CVE-2023-47121
10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. Discourse es una plataforma de código abierto para el debate comunitario. • https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1 • CWE-918: Server-Side Request Forgery (SSRF) •