CVE-2023-44391 – Prevent unauthorized access to summary details in Discourse
https://notcve.org/view.php?id=CVE-2023-44391
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-44388 – Malicious requests can fill up the log files resulting in a denial of service in Discourse
https://notcve.org/view.php?id=CVE-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size` nginx directive. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server. • http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-43814 – Exposure of poll options and votes to unauthorized users in Discourse
https://notcve.org/view.php?id=CVE-2023-43814
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version. • https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2023-43659 – Cross-site Scripting via email preview when CSP disabled in Discourse
https://notcve.org/view.php?id=CVE-2023-43659
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-45147 – Arbitrary keys can be added to a topic's custom fields by any user in Discourse
https://notcve.org/view.php?id=CVE-2023-45147
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. • https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •