
CVE-2023-47120 – Discourse DoS through Onebox favicon URL
https://notcve.org/view.php?id=CVE-2023-47120
10 Nov 2023 — Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852 • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-47119 – HTML injection in oneboxed links
https://notcve.org/view.php?id=CVE-2023-47119
10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/BaadMaro/CVE-2023-47119 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46130 – Bypassing height value allowed in some theme components
https://notcve.org/view.php?id=CVE-2023-46130
10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected; only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch a... • https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-45816 – Unread bookmark reminder notifications that the user cannot access can be seen
https://notcve.org/view.php?id=CVE-2023-45816
10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and... • https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-45806 – Discourse vulnerable to DoS via Regexp Injection in Full Name
https://notcve.org/view.php?id=CVE-2023-45806
10 Nov 2023 — Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted in by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for th... • https://github.com/pikariop/yksivaihde-CVE-2023-45806 • CWE-1333: Inefficient Regular Expression Complexity

CVE-2023-43658 – Improper escaping of user input in discourse-calendar
https://notcve.org/view.php?id=CVE-2023-43658
16 Oct 2023 — discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45131 – Unauthenticated access to new private chat messages in Discourse
https://notcve.org/view.php?id=CVE-2023-45131
16 Oct 2023 — Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-44391 – Prevent unauthorized access to summary details in Discourse
https://notcve.org/view.php?id=CVE-2023-44391
16 Oct 2023 — Discourse is an open source platform for community discussion. User summaries are accessible to anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-44388 – Malicious requests can fill up the log files resulting in a denial of service in Discourse
https://notcve.org/view.php?id=CVE-2023-44388
16 Oct 2023 — Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size` nginx directive. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server. • http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size • CWE-400: Uncontrolled Resource Consumption

CVE-2023-43814 – Exposure of poll options and votes to unauthorized users in Discourse
https://notcve.org/view.php?id=CVE-2023-43814
16 Oct 2023 — Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to th... • https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control