CVE-2023-46241 – Potential account take over due to unverified emails from Microsoft Identity Platform
https://notcve.org/view.php?id=CVE-2023-46241
`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attacker can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any option other than `Accounts in this organizational directory only (O365 only - Single tenant)` are vulnerable, because for the other account types the email address returned by the Microsoft identity platform is not verified and can be chosen by the attacker. This vulnerability has been patched in commit c40665f44509724b64938c85def9fb2e79f62ec8 of `discourse-microsoft-auth`. A `microsoft_auth:revoke` rake task has also been added which will deactivate and log out all users that have connected their accounts to Microsoft. • https://github.com/discourse/discourse-microsoft-auth/commit/c40665f44509724b64938c85def9fb2e79f62ec8 https://github.com/discourse/discourse-microsoft-auth/security/advisories/GHSA-2w32-w539-3m7r https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types • CWE-863: Incorrect Authorization •
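The pattern behind this advisory, as an added example that is not code from discourse-microsoft-auth or Discourse: an account-linking step that trusts the `email` claim of a Microsoft ID token, next to one that pins the tenant and keys the lookup on the immutable `tid`/`oid` pair. The tenant id, object ids, account store and token claims are all constructed for the example; signature, audience and expiry checks on the token are assumed to have already passed.

```ruby
# Added example (not discourse-microsoft-auth code). Contrasts linking a
# Microsoft identity platform login to a local account by the `email` claim
# with keying on (tid, oid) and pinning the tenant. Token signature, audience
# and expiry are assumed to have been verified before these functions run.

# Hypothetical tenant id of the organisation that owns the Discourse site.
EXPECTED_TENANT = "11111111-2222-3333-4444-555555555555"

# Constructed local account store. The safe index is (tid, oid); the email
# index is what the vulnerable code path relies on.
ACCOUNTS_BY_SUBJECT = {
  [EXPECTED_TENANT, "aaaaaaaa-0000-0000-0000-000000000001"] => "alice",
}
ACCOUNTS_BY_EMAIL = { "alice@example.com" => "alice" }

# Vulnerable pattern: trust whatever `email` the identity provider returns.
# With a multi-tenant or personal-account app registration the attacker
# controls that value, since it is not verified by Microsoft.
def link_by_email(claims)
  ACCOUNTS_BY_EMAIL[claims["email"]]
end

# Hardened pattern: the tenant must be the one the app was registered for,
# the issuer must belong to that tenant, and the account is looked up by the
# immutable (tid, oid) pair instead of by email.
def link_by_subject(claims, expected_tenant: EXPECTED_TENANT)
  tid = claims["tid"]
  oid = claims["oid"]
  return nil if tid.nil? || oid.nil?
  return nil unless tid == expected_tenant
  return nil unless claims["iss"] == "https://login.microsoftonline.com/#{expected_tenant}/v2.0"
  ACCOUNTS_BY_SUBJECT[[tid, oid]]
end

# Constructed claims from an attacker's own tenant carrying the victim's email.
ATTACKER_CLAIMS = {
  "iss"   => "https://login.microsoftonline.com/99999999-8888-7777-6666-555555555555/v2.0",
  "tid"   => "99999999-8888-7777-6666-555555555555",
  "oid"   => "bbbbbbbb-0000-0000-0000-000000000002",
  "email" => "alice@example.com",
}

# Constructed legitimate claims for alice in the expected tenant.
ALICE_CLAIMS = {
  "iss"   => "https://login.microsoftonline.com/#{EXPECTED_TENANT}/v2.0",
  "tid"   => EXPECTED_TENANT,
  "oid"   => "aaaaaaaa-0000-0000-0000-000000000001",
  "email" => "alice@example.com",
}

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable, attacker token: #{link_by_email(ATTACKER_CLAIMS).inspect}"   # "alice"
  puts "hardened,   attacker token: #{link_by_subject(ATTACKER_CLAIMS).inspect}" # nil
  puts "hardened,   alice's token:  #{link_by_subject(ALICE_CLAIMS).inspect}"    # "alice"
end
```

Pinning `tid` is what the single-tenant account type gives you on the Microsoft side; keying on `(tid, oid)` protects you even if the registration is later changed to a multi-tenant option.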
CVE-2024-24755 – discourse-group-membership-ip-block is exposing potentially sensitive custom fields
https://notcve.org/view.php?id=CVE-2024-24755
discourse-group-membership-ip-block is a Discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret. • https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1 https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-23834 – Discourse improperly sanitized user input leads to XSS
https://notcve.org/view.php?id=CVE-2024-23834
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. • https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000 https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094 https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
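A check for the workaround above, as an added example that is not Discourse code: it parses a Content-Security-Policy header value and reports whether the directive that actually governs scripts (`script-src`, or `default-src` when `script-src` is absent) allows `'unsafe-inline'`, or whether there is no policy at all. The header strings are constructed samples.

```ruby
# Added example (not Discourse code): does this Content-Security-Policy value
# still allow inline scripts? The sample headers below are constructed.

# Parse "dir1 v1 v2; dir2 v3" into { "dir1" => ["v1", "v2"], "dir2" => ["v3"] }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |directive, out|
    tokens = directive.strip.split(/\s+/)
    next if tokens.empty? || tokens[0].empty?
    name, *values = tokens
    out[name.downcase] = values
  end
end

# CSP falls back to default-src only when script-src is absent entirely.
def effective_script_sources(policy)
  policy["script-src"] || policy["default-src"] || []
end

# True when inline scripts are permitted, which is the condition under which
# the XSS described in the advisory becomes exploitable. A missing or empty
# header counts as permitted. (A nonce or hash source makes browsers ignore
# 'unsafe-inline', but flagging it anyway is the conservative choice.)
def allows_inline_scripts?(header)
  return true if header.nil? || header.strip.empty?
  effective_script_sources(parse_csp(header)).any? { |v| v.casecmp?("'unsafe-inline'") }
end

SAFE_CSP     = "base-uri 'none'; object-src 'none'; script-src 'self' 'nonce-abc123'"
WEAK_CSP     = "base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'"
FALLBACK_CSP = "default-src 'self' 'unsafe-inline'" # no script-src, so default-src governs

if __FILE__ == $PROGRAM_NAME
  [SAFE_CSP, WEAK_CSP, FALLBACK_CSP, nil].each do |csp|
    puts "#{csp.inspect}: inline scripts #{allows_inline_scripts?(csp) ? 'ALLOWED' : 'blocked'}"
  end
end
```

Run it against the value of the `Content-Security-Policy` response header of your own instance; a `true` result means the workaround is not in place and the fixed release is the only protection.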
CVE-2023-49099 – Discourse secure uploads accessible to guests even when login is required
https://notcve.org/view.php?id=CVE-2023-49099
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. • https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 • CWE-284: Improper Access Control •
CVE-2024-21655 – Insufficient control of custom field value sizes
https://notcve.org/view.php?id=CVE-2024-21655
Discourse is a platform for community discussion. For custom fields that are client editable, no limits on value sizes are imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and often excessive bandwidth as well. The issue is patched in 3.1.4 and 3.2.0.beta4. • https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •