
CVE-2023-43659 – Cross-site Scripting via email preview when CSP disabled in Discourse
https://notcve.org/view.php?id=CVE-2023-43659
16 Oct 2023 — Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-45147 – Arbitrary keys can be added to a topic's custom fields by any user in Discourse
https://notcve.org/view.php?id=CVE-2023-45147
16 Oct 2023 — Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to it. The severity of this vulnerability depends on which plugins are installed and how those plugins use topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-44384 – Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
https://notcve.org/view.php?id=CVE-2023-44384
06 Oct 2023 — Discourse-jira is a Discourse plugin that automatically syncs Jira projects, issue types, fields and field options. An administrator user could make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests with the Jira API credentials used by the application, potentially with elevated permissions. • https://github.com/discourse/discourse-jira/commit/8a2d3ad228883199fd5f081cc93d173c88e2e48f • CWE-691: Insufficient Control Flow Management CWE-918: Server-Side Request Forgery (SSRF) •
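The two halves of this advisory (an admin pointing the base URL anywhere, a moderator steering the path under it) are the two checks an integration like this needs: validate the destination when the setting is saved, and constrain the per-request path to the API prefix the plugin actually uses. The following is an added example written for this page, not code from discourse-jira; the setting names, the `/rest/api/2/` prefix and the private-range list are assumptions chosen for illustration.

```ruby
require "uri"
require "ipaddr"

# Assumed values for illustration (not the plugin's real setting names):
# the admin-chosen Jira base URL and the only API prefix the plugin
# should ever request under it.
JIRA_BASE_URL = "https://jira.example.com/".freeze
ALLOWED_API_PREFIX = "/rest/api/2/".freeze

# Address ranges a server-side fetch must never be pointed at.
PRIVATE_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True for hosts a server-side fetch must never reach. Only literal IPs
# are classified here; a hostname that resolves to a private address
# still needs a resolve-then-check (or DNS pinning) at connect time.
def private_host?(host)
  return true if host.nil? || host.empty?
  return true if %w[localhost metadata.google.internal].include?(host.downcase)
  ip = IPAddr.new(host) rescue nil      # not a literal IP -> nil
  return false if ip.nil?
  PRIVATE_RANGES.any? { |range| range.include?(ip) }
end

# Validate the admin-supplied base URL once, when the site setting is saved.
def valid_jira_base?(url)
  uri = URI.parse(url.to_s) rescue nil
  return false unless uri.is_a?(URI::HTTPS)   # require TLS to the tracker
  return false if private_host?(uri.hostname)
  return false unless uri.userinfo.nil?       # no credentials smuggled in the URL
  true
end

# Build the outbound URL for a moderator-driven request. The caller may
# only name a resource relative to ALLOWED_API_PREFIX: absolute and
# scheme-relative URLs, "..", backslashes, CR/LF and their percent-encoded
# forms are rejected, and the joined result is re-checked against the base.
def jira_api_url(base, user_path)
  return nil unless valid_jira_base?(base)
  decoded = URI.decode_www_form_component(user_path.to_s) rescue user_path.to_s
  return nil if decoded.match?(%r{\A\s*/|\A\s*[a-z][a-z0-9+.\-]*:|\.\.|\\|[\r\n]}i)
  joined = URI.join(base, ALLOWED_API_PREFIX, user_path.to_s) rescue nil
  return nil if joined.nil?
  base_uri = URI.parse(base)
  return nil unless joined.scheme == "https" &&
                    joined.hostname == base_uri.hostname &&
                    joined.port == base_uri.port
  return nil unless joined.path.start_with?(ALLOWED_API_PREFIX)
  joined.to_s
end
```

The path check rejects on the decoded form so that `%2e%2e/` cannot slip past a literal `..` test, and the host/port comparison after `URI.join` catches anything the regex missed. Note the caveat in `private_host?`: a hostname that resolves to `127.0.0.1` or a metadata address passes this check, so an HTTP client that resolves and then validates the connected address is still required.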

CVE-2023-43657 – Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
https://notcve.org/view.php?id=CVE-2023-43657
28 Sep 2023 — discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the disc... • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
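Both this entry and CVE-2023-43659 above are the same class of defect: a user-controlled string (an encrypted topic title, a digest preview) reaching the HTML without being escaped, with CSP as the only thing standing between that and script execution. The following added example, written for this page and not taken from Discourse or discourse-encrypt, shows the vulnerable and hardened rendering side by side plus a small check a reviewer can run on rendered output; the sample title and the `preview` markup are constructed for illustration.

```ruby
require "erb"

# Constructed sample input: a title an attacker could set on a topic,
# carrying an inline event handler instead of plain text.
MALICIOUS_TITLE = %q{Release notes <img src=x onerror="alert(document.cookie)">}

# Vulnerable pattern (the class of bug both advisories describe): the
# user-controlled title is interpolated into the HTML verbatim.
def render_preview_unsafe(title)
  %(<div class="preview"><h2>#{title}</h2></div>)
end

# Hardened pattern: escape at the HTML boundary. & < > " ' become
# entities, so the title can only ever render as text.
def render_preview_safe(title)
  %(<div class="preview"><h2>#{ERB::Util.html_escape(title)}</h2></div>)
end

# Reviewer's check on rendered output: every tag present must be one the
# template itself emits; anything else came from the data.
def contains_injected_tag?(html, allowed_tags = %w[div h2])
  tags = html.scan(/<\/?([a-z][a-z0-9]*)/i).flatten.map(&:downcase)
  tags.any? { |t| !allowed_tags.include?(t) }
end
```

Escaping is the fix; a `script-src` policy without `'unsafe-inline'` would have stopped the `onerror` handler from running even with the escaping bug present, which is why both advisories scope the impact to sites that have turned CSP off.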

CVE-2023-41043 – Discourse DoS via SvgSprite cache
https://notcve.org/view.php?id=CVE-2023-41043
15 Sep 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite insta... • https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-41042 – Discourse DoS via remote theme assets
https://notcve.org/view.php?id=CVE-2023-41042
15 Sep 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads its assets into memory without enforcing limits on file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-40588 – Discourse DoS via 2FA and Security Key Names
https://notcve.org/view.php?id=CVE-2023-40588
15 Sep 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-38706 – Discourse vulnerable to DoS via drafts
https://notcve.org/view.php?id=CVE-2023-38706
15 Sep 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-38685 – Discourse's restricted tag information visible to unauthenticated users
https://notcve.org/view.php?id=CVE-2023-38685
28 Jul 2023 — Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. • https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-38684 – Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
https://notcve.org/view.php?id=CVE-2023-38684
28 Jul 2023 — Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0... • https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70 • CWE-770: Allocation of Resources Without Limits or Throttling •
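This entry, CVE-2023-38706 (unbounded drafts with unbounded key length) and CVE-2023-41042 (remote theme assets read with no size cap) are all CWE-770, and the fix pattern is the same each time: every client-influenced quantity gets a hard ceiling before it touches the database or memory. The following added example, written for this page and not Discourse's own code, shows a `limit` parameter passed through unbounded next to a clamped version, a draft store that bounds key length and per-user count, and a reader that aborts a download as soon as it exceeds a byte cap. The ceilings (100 rows, 40-character keys, 100 drafts per user, 1 MiB per asset) are assumptions, not Discourse's actual values.

```ruby
require "stringio"

# Assumed ceilings for illustration; Discourse's real values may differ.
MAX_LIMIT = 100
DEFAULT_LIMIT = 20
MAX_DRAFT_KEY_LENGTH = 40
MAX_DRAFTS_PER_USER = 100
MAX_ASSET_BYTES = 1024 * 1024

# Vulnerable pattern (what CVE-2023-38684 describes): whatever the client
# sent is handed straight to the query, so ?limit=999999999 is honoured.
def limit_unbounded(params)
  params.fetch("limit", DEFAULT_LIMIT).to_i
end

# Hardened pattern: parse strictly, fall back to the default on junk,
# and clamp into [1, MAX_LIMIT] before the value reaches SQL.
def limit_bounded(params)
  raw = params["limit"]
  return DEFAULT_LIMIT if raw.nil? || raw.to_s.strip.empty?
  n = Integer(raw.to_s, 10) rescue DEFAULT_LIMIT   # "10abc", "1e9" -> default
  n.clamp(1, MAX_LIMIT)
end

# In-memory stand-in for a drafts table, keyed by user id, that enforces
# the two bounds CVE-2023-38706 was missing: key length and draft count.
class DraftStore
  DraftError = Class.new(StandardError)

  def initialize
    @drafts = Hash.new { |h, k| h[k] = {} }
  end

  def save(user_id, draft_key, body)
    key = draft_key.to_s
    raise DraftError, "draft key too long" if key.length > MAX_DRAFT_KEY_LENGTH
    raise DraftError, "draft key has invalid characters" unless key.match?(/\A[a-z0-9_\-]+\z/i)
    existing = @drafts[user_id]
    # Updating an existing key is always allowed; only new keys count
    # against the per-user ceiling.
    if !existing.key?(key) && existing.size >= MAX_DRAFTS_PER_USER
      raise DraftError, "too many drafts"
    end
    existing[key] = body
    true
  end

  def count(user_id)
    @drafts[user_id].size
  end
end

# Read at most max_bytes from an IO (an HTTP response body, a file in a
# theme archive). The cap is checked per chunk so an oversized asset is
# rejected early instead of being buffered whole, which is the memory
# exhaustion CVE-2023-41042 describes.
def read_bounded(io, max_bytes = MAX_ASSET_BYTES)
  buf = +""
  while (chunk = io.read([16 * 1024, max_bytes - buf.bytesize + 1].min))
    buf << chunk
    raise ArgumentError, "asset exceeds #{max_bytes} bytes" if buf.bytesize > max_bytes
  end
  buf
end
```

`read_bounded` always asks for one byte more than the remaining allowance, so a body that is exactly at the cap is accepted and one that is a single byte over is rejected without reading the rest. The same shape applies to a count of files in an archive: check the running total against the ceiling as entries are enumerated, not after extraction.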