VYPR

Bitnami package

discourse

pkg:bitnami/discourse

Vulnerabilities (246)

  • CVE-2023-28107Mar 17, 2023
    affected < 3.1.0fixed 3.1.0

    Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB.

  • CVE-2023-25172Mar 17, 2023
    affected < 3.1.0fixed 3.1.0

    Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on

  • CVE-2023-26040Mar 17, 2023
    affected >= 3.1.0-beta2, <= 3.1.0-beta2

    Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.bet

  • CVE-2023-23622Mar 17, 2023
    affected < 3.0.0fixed 3.0.0

    Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read

  • CVE-2023-23935Mar 16, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of wh

  • CVE-2023-25819Mar 4, 2023
    affected < 3.1.0fixed 3.1.0

    Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Disco

  • CVE-2023-25167Feb 8, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to

  • CVE-2023-23615Feb 3, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable emb

  • CVE-2023-23624Jan 27, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. T

  • CVE-2023-23621Jan 27, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is

  • CVE-2023-22740Jan 27, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an

  • CVE-2023-23620Jan 27, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version

  • CVE-2023-23616Jan 27, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potenti

  • CVE-2023-22739Jan 26, 2023
    affected < 3.0.1fixed 3.0.1

    Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious

  • CVE-2023-22468Jan 26, 2023
    affected < 2.8.13fixed 2.8.13

    Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting att

  • CVE-2023-22455Jan 5, 2023
    affected < 2.8.14fixed 2.8.14

    Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerabi

  • CVE-2023-22454Jan 5, 2023
    affected < 2.8.14fixed 2.8.14

    Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged use

  • CVE-2023-22453Jan 5, 2023
    affected < 2.8.14fixed 2.8.14

    Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.

  • CVE-2022-46177Jan 5, 2023
    affected < 2.8.14fixed 2.8.14

    Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is sti

  • CVE-2022-23546Jan 5, 2023
    affected < 2.9.0fixed 2.9.0

    In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Page 10 of 13