
CVE-2023-23616 – Discourse membership requests lack character limit
https://notcve.org/view.php?id=CVE-2023-23616
27 Jan 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However, it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version ... • https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-23620 – Discourse restricted tag routes leak topic information
https://notcve.org/view.php?id=CVE-2023-23620
27 Jan 2023 — Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-22739 – Discourse subject to Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2023-22739
26 Jan 2023 — Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds. • https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-22468 – Discourse vulnerable to Cross-site Scripting in local oneboxes
https://notcve.org/view.php?id=CVE-2023-22468
26 Jan 2023 — Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (test... • https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-22455 – Discourse vulnerable to Cross-site Scripting through tag descriptions
https://notcve.org/view.php?id=CVE-2023-22455
05 Jan 2023 — Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch. • https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-22454 – Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
https://notcve.org/view.php?id=CVE-2023-22454
05 Jan 2023 — Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is availa... • https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-22453 – Discourse vulnerable to exposure of user post counts per topic to unauthorized users
https://notcve.org/view.php?id=CVE-2023-22453
05 Jan 2023 — Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround. • https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2022-46177 – Discourse password reset link can lead to account takeover if user changes to a new email
https://notcve.org/view.php?id=CVE-2022-46177
05 Jan 2023 — Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an acco... • https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570 • CWE-613: Insufficient Session Expiration •

CVE-2022-23546 – Discourse vulnerable to private topic leak via email#send_digest
https://notcve.org/view.php?id=CVE-2022-23546
05 Jan 2023 — In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2022-46168 – Group SMTP user emails are exposed in CC email header
https://notcve.org/view.php?id=CVE-2022-46168
05 Jan 2023 — Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-s... • https://github.com/discourse/discourse/pull/19724 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •