
16 matches found

RedhatCVE
added 2025/05/23 1:44 a.m. · 3 views

CVE-2023-43814

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/grouped_poll_results endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7 CVSS · 6.6 AI score · 0.00314 EPSS
Exploits 0 · References 1

OSV
added 2024/03/06 10:53 a.m. · 29 views

BIT-DISCOURSE-2023-44388 Malicious requests can fill up the log files resulting in a denial of service in Discourse

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...

7.5 CVSS · 7.5 AI score · 0.00531 EPSS
Exploits 0 · References 3

Prion
added 2023/11/10 4:15 p.m. · 16 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

5 CVSS · 6.8 AI score · 0.00982 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/11/02 7:16 a.m. · 27 views

BIT-2023-45147

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

4.9 CVSS · 6.9 AI score · 0.00268 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/10/23 6:17 a.m. · 32 views

BIT-2023-44388

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...

7.5 CVSS · 6.8 AI score · 0.00531 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/10/16 10:15 p.m. · 18 views

CVE-2023-43814

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/grouped_poll_results endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7 CVSS · 3.9 AI score · 0.00314 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/10/16 9:11 p.m. · 10 views

CVE-2023-44388 Malicious requests can fill up the log files resulting in a denial of service in Discourse

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...

7.5 CVSS · 7.5 AI score · 0.00531 EPSS
Exploits 0 · References 2

CVE
added 2023/10/16 9:9 p.m. · 98 views

CVE-2023-43814

CVE-2023-43814 affects the Discourse poll feature, where attackers could exploit the /polls/grouped_poll_results endpoint to view poll options and vote counts for groups of participants in private polls. The root issue is improper access exposure for poll results. According to connected sources, ...

3.7 CVSS · 3.8 AI score · 0.00314 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/16 8:26 p.m. · 16 views

CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

4.9 CVSS · 6.7 AI score · 0.00268 EPSS
Exploits 0 · References 1

Cvelist
added 2023/10/16 8:26 p.m. · 18 views

CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

4.9 CVSS · 5.8 AI score · 0.00268 EPSS
Exploits 0 · References 1

CNNVD
added 2023/10/16 12:0 a.m. · 1 views

Discourse Information Disclosure Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that originates from allowing an attacker to read new chat messages by sending a POST request to MessageBus...

7.5 CVSS · 6.2 AI score · 0.01814 EPSS
Exploits 2 · References 3

CNNVD
added 2023/10/16 12:0 a.m. · 3 views

Discourse Access Control Error Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an Access Control Error vulnerability that originates from allowing unauthorized attackers to view private content via the /polls/grouped_poll_results...

3.7 CVSS · 6.7 AI score · 0.00314 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/10/16 12:0 a.m. · 3 views

PT-2023-29226 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hide user profiles from public i...

5.3 CVSS · 5.2 AI score · 0.0041 EPSS
Exploits 0 · References 9

Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-29222 · Nginx +1 · Nginx +1

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running o...

7.5 CVSS · 7.4 AI score · 0.00531 EPSS
Exploits 0 · References 12

Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-29000 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable Discourse versions prior to 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the "/polls/grouped poll...

3.7 CVSS · 4 AI score · 0.00314 EPSS
Exploits 0 · References 9

Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-29429 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There...

7.5 CVSS · 7.4 AI score · 0.01814 EPSS
Exploits 2 · References 10