BIT-DISCOURSE-2023-40588 Discourse DoS via 2FA and Security Key Names

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

Discourse 3.1.x <= 3.1.1, 3.2.0.beta1 Unauthorized Access Vulnerability

Discourse is prone to an unauthorized access vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

CVE-2023-38706

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...

CVE-2023-41043 Discourse DoS via SvgSprite cache

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

CVE-2023-41042 Discourse DoS via remote theme assets

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...

CVE-2023-41042 Discourse DoS via remote theme assets

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...

CVE-2023-41042 Discourse DoS via remote theme assets

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...

CVE-2023-40588 Discourse DoS via 2FA and Security Key Names

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

CVE-2023-38706

Discourse (open‑source forum software) contains a DoS vulnerability (CVE-2023-38706) where a malicious user can create an unlimited number of drafts with very long draft keys, exhausting server resources. Affected are stable branch &lt; 3.1.1 and beta/tests-passed branches

CVE-2023-38706 Discourse vulnerable to DoS via drafts

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...

PT-2023-27524 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the beta and tests-passed branches Description: A malicious user could add a 2FA or security key with a carefully crafted name to their account, causing a denial o...

Discourse 3.1.x - 3.1.0.beta8 Multiple DoS Vulnerabilities

Discourse is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...