CVSS: 4.3EPSS: 0%CPEs: 210EXPL: 0CVE-2023-36466 – Topic Title Validation Skipped When Changing Category in Discourse
https://notcve.org/view.php?id=CVE-2023-36466
14 Jul 2023 — Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 210EXPL: 0CVE-2023-36473 – CSP nonce reuse vulnerability in Discourse
https://notcve.org/view.php?id=CVE-2023-36473
13 Jul 2023 — Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches. • https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34250 – Discourse vulnerable to exposure of number of topics recently created in private categories
https://notcve.org/view.php?id=CVE-2023-34250
13 Jun 2023 — Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32301 – Discourse's canonical url not being used for topic embeddings
https://notcve.org/view.php?id=CVE-2023-32301
13 Jun 2023 — Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled. • https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32061 – Discourse Topic Creation Page Allows iFrame Tag without Restrictions
https://notcve.org/view.php?id=CVE-2023-32061
13 Jun 2023 — Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-31142 – Discourse's general category permissions could be set back to default
https://notcve.org/view.php?id=CVE-2023-31142
13 Jun 2023 — Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose. • https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30606 – Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
https://notcve.org/view.php?id=CVE-2023-30606
18 Apr 2023 — Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. • https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-30538 – Stored Cross-site Scripting via improper sanitization of svg files in Discourse
https://notcve.org/view.php?id=CVE-2023-30538
18 Apr 2023 — Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `aut... • https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29196 – HTML injection via topic embedding in Discourse
https://notcve.org/view.php?id=CVE-2023-29196
18 Apr 2023 — Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. • https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 210EXPL: 0CVE-2023-28440 – Denial of service via admin theme import route in Discourse
https://notcve.org/view.php?id=CVE-2023-28440
18 Apr 2023 — Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. • https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w • CWE-400: Uncontrolled Resource Consumption •