CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-31142 – Discourse's general category permissions could be set back to default
https://notcve.org/view.php?id=CVE-2023-31142
13 Jun 2023 — Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose. • https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30611 – Reaction metadata exposed in private topics in Discourse-reactions
https://notcve.org/view.php?id=CVE-2023-30611
19 Apr 2023 — Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue. • https://github.com/discourse/discourse-reactions/commit/01aca15b2774c088f3673118e92e9469f37d2fb6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30606 – Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
https://notcve.org/view.php?id=CVE-2023-30606
18 Apr 2023 — Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. • https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-30538 – Stored Cross-site Scripting via improper sanitization of svg files in Discourse
https://notcve.org/view.php?id=CVE-2023-30538
18 Apr 2023 — Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `aut... • https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29196 – HTML injection via topic embedding in Discourse
https://notcve.org/view.php?id=CVE-2023-29196
18 Apr 2023 — Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. • https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 210EXPL: 0CVE-2023-28440 – Denial of service via admin theme import route in Discourse
https://notcve.org/view.php?id=CVE-2023-28440
18 Apr 2023 — Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. • https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28112 – Discourse's SSRF protection missing for some FastImage requests
https://notcve.org/view.php?id=CVE-2023-28112
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-pa... • https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28111 – Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses
https://notcve.org/view.php?id=CVE-2023-28111
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28107 – Discourse vulnerable to multisite DoS by spamming backups
https://notcve.org/view.php?id=CVE-2023-28107
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no k... • https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25172 – Discourse vulnerable to Cross-site Scripting - user name displayed on post
https://notcve.org/view.php?id=CVE-2023-25172
17 Mar 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta... • https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •