CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28112 – Discourse's SSRF protection missing for some FastImage requests
https://notcve.org/view.php?id=CVE-2023-28112
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-pa... • https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28111 – Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses
https://notcve.org/view.php?id=CVE-2023-28111
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28107 – Discourse vulnerable to multisite DoS by spamming backups
https://notcve.org/view.php?id=CVE-2023-28107
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no k... • https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25172 – Discourse vulnerable to Cross-site Scripting - user name displayed on post
https://notcve.org/view.php?id=CVE-2023-25172
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta... • https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26040 – Discourse chat messages susceptible to Cross-site Scripting through chat excerpts
https://notcve.org/view.php?id=CVE-2023-26040
17 Mar 2023 — Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds. • https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 207EXPL: 0CVE-2023-23622 – Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
https://notcve.org/view.php?id=CVE-2023-23622
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version... • https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 208EXPL: 0CVE-2023-23935 – Presence of restricted personal Discourse messages may be leaked if tagged with a tag
https://notcve.org/view.php?id=CVE-2023-23935
16 Mar 2023 — Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In t... • https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25819 – Discourse tags with no visibility are leaking into og:article:tag
https://notcve.org/view.php?id=CVE-2023-25819
04 Mar 2023 — Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. • https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25167 – Regular expression denial of service via installing themes via git in discourse
https://notcve.org/view.php?id=CVE-2023-25167
08 Feb 2023 — Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 208EXPL: 0CVE-2023-23615 – Malicious users in Discourse can create spam topics as any user due to improper access control
https://notcve.org/view.php?id=CVE-2023-23615
03 Feb 2023 — Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. • https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 • CWE-284: Improper Access Control •