Bitnami package
discourse
pkg:bitnami/discourse
Vulnerabilities (246)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37703 | — | < 2.7.8 | 2.7.8 | Aug 13, 2021 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed. | ||
| CVE-2021-37693 | — | < 2.7.8 | 2.7.8 | Aug 13, 2021 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the | ||
| CVE-2021-37633 | — | < 2.7.8 | 2.7.8 | Aug 9, 2021 | Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched | ||
| CVE-2021-32788 | — | < 2.7.7 | 2.7.7 | Jul 27, 2021 | Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants | ||
| CVE-2021-32764 | — | <= 2.7.5 | — | Jul 15, 2021 | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. | ||
| CVE-2021-3138 | — | <= 2.6.0 | — | Jan 14, 2021 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. |
- CVE-2021-37703Aug 13, 2021affected < 2.7.8fixed 2.7.8
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.
- CVE-2021-37693Aug 13, 2021affected < 2.7.8fixed 2.7.8
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the
- CVE-2021-37633Aug 9, 2021affected < 2.7.8fixed 2.7.8
Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched
- CVE-2021-32788Jul 27, 2021affected < 2.7.7fixed 2.7.7
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants
- CVE-2021-32764Jul 15, 2021affected <= 2.7.5
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy.
- CVE-2021-3138Jan 14, 2021affected <= 2.6.0
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
Page 13 of 13