VYPR

Discourse

by Discourse (software)


CVEs (262)

  • CVE-2023-31142 (Jun 13, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is…

  • CVE-2023-30606 (Apr 18, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the…

  • CVE-2023-30538 (Apr 18, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed…

  • CVE-2023-29196 (Apr 18, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an…

  • CVE-2023-28440 (Apr 18, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where…

  • CVE-2023-28112 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network…

  • CVE-2023-28111 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. The…

  • CVE-2023-28107 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged in as an administrator can request backups multiple times, which will eat up all the connections to the…

  • CVE-2023-25172 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on…

  • CVE-2023-26040 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version…

  • CVE-2023-23622 (Mar 17, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read…

  • CVE-2023-23935 (Mar 16, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of…

  • CVE-2023-25819 (Mar 4, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of…

  • CVE-2023-25167 (Feb 8, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised…

  • CVE-2023-23615 (Feb 3, 2023)
    risk 0.00 (cvss), epss 0.00

    Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable…

  • CVE-2023-23624 (Jan 27, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag.…

  • CVE-2023-23621 (Jan 27, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is…

  • CVE-2023-22740 (Jan 27, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 on the `beta` and `tests-passed` branches are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an…

  • CVE-2023-23616 (Jan 27, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could…

  • CVE-2023-23620 (Jan 27, 2023)
    risk 0.00 (cvss), epss 0.01

    Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version…
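Two entries in this list, CVE-2023-28112 (user-supplied URLs handed to FastImage without SSRF protection) and CVE-2023-28111 (the private-IPv4 filter bypassed with an IPv4-mapped IPv6 address), share one root cause: a host check that inspects the literal as it was parsed rather than the address the socket layer will actually connect to. The Ruby below is an added illustration written for this page, not Discourse's own code. `naive_private?`, `hardened_private?`, `url_target_private?` and `compare_filters` are hypothetical helper names, the blocklists are a constructed minimum, and the sample hosts are constructed inputs.

```ruby
require "ipaddr"
require "uri"

# Address ranges a server-side fetcher must never reach. Constructed for
# this illustration; a deployment would extend it (cloud metadata
# endpoints, carrier-grade NAT, the site's own internal subnets).
PRIVATE_V4 = %w[
  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16
].map { |cidr| IPAddr.new(cidr) }.freeze
PRIVATE_V6 = %w[::1/128 fc00::/7 fe80::/10].map { |cidr| IPAddr.new(cidr) }.freeze

# Naive filter (hypothetical): only IPv4 literals are matched against the
# blocklist, so any IPv6 literal, including "::ffff:10.0.0.1", which the
# socket layer delivers to 10.0.0.1, sails through. This is the shape of
# the mapped-address bypass.
def naive_private?(literal)
  ip = IPAddr.new(literal)
  return false unless ip.ipv4?
  PRIVATE_V4.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  false
end

# Hardened filter (hypothetical): unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d,
# or the hex spelling ::ffff:a00:1) to the native IPv4 address before
# testing, and keep a separate IPv6 blocklist for genuine IPv6 literals.
# Anything that is not an address literal is treated as unsafe here; a
# real filter would resolve the name, check every returned address, and
# pin the checked address for the actual connection (DNS rebinding).
def hardened_private?(literal)
  ip = IPAddr.new(literal)
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  ranges = ip.ipv4? ? PRIVATE_V4 : PRIVATE_V6
  ranges.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  true
end

# Apply the hardened filter to a user-supplied URL, the way a fetch of an
# image or onebox target would. URI#hostname strips the [] around an IPv6
# literal; URI#host keeps them, and IPAddr.new would reject that string.
def url_target_private?(url)
  host = URI.parse(url).hostname
  return true if host.nil? || host.empty?
  hardened_private?(host)
rescue URI::InvalidURIError
  true
end

# Constructed sample hosts, as they might appear in a submitted URL.
SAMPLE_HOSTS = [
  "10.0.0.1",          # plain private IPv4: both filters catch it
  "::ffff:10.0.0.1",   # same address, IPv4-mapped form: naive filter misses it
  "::ffff:a00:1",      # same address, hex spelling of the mapped suffix
  "::ffff:127.0.0.1",  # loopback via the mapped form
  "fc00::1",           # IPv6 unique-local: a v4-only blocklist never sees it
  "8.8.8.8",           # public IPv4
  "::ffff:8.8.8.8",    # public IPv4 in mapped form: must still be allowed
].freeze

# Returns [host, naive_verdict, hardened_verdict] for each sample host.
def compare_filters(hosts = SAMPLE_HOSTS)
  hosts.map { |h| [h, naive_private?(h), hardened_private?(h)] }
end

if __FILE__ == $PROGRAM_NAME
  compare_filters.each do |host, naive, hardened|
    puts format("%-18s naive_blocks=%-5s hardened_blocks=%-5s", host, naive, hardened)
  end
end
```

Run the file directly to see the verdict table: the naive filter blocks only the plain `10.0.0.1`, while the hardened one blocks every mapped or IPv6 spelling of a private address and still allows `::ffff:8.8.8.8`. The deliberate design choice is to normalise with `IPAddr#native` before comparing, so the blocklist is consulted in the family the kernel will actually use.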
