Lucene search
+L

222 matches found

cve
cve
added 2023/04/18 8:40 p.m.63 views

CVE-2023-28440

CVE-2023-28440 affects Discourse: an admin-authenticated request can trigger a long-running operation, leading to a denial of service (availability impact) in affected builds. Public records identify the vulnerability as a Denial of Service via the admin theme import route, with mitigation by upg...

2.7CVSS3.3AI score0.00688EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/04/18 8:40 p.m.30 views

CVE-2023-28440 Denial of service via admin theme import route in Discourse

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS4.5AI score0.00688EPSS
Exploits0References3
prion
prion
added 2023/03/04 1:15 a.m.16 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...

5CVSS5.3AI score0.00495EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/03/04 12:11 a.m.76 views

CVE-2023-25819

Discourse vulnerability CVE-2023-25819: metadata leakage where normally private tags are exposed in og:article and related metadata for sites running the tests-passed or beta branches >= 3.1.0.beta2. The issue affects Discourse and is patched in the latest beta and tests-passed releases. Root ...

5.3CVSS5.2AI score0.00495EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/03/04 12:11 a.m.32 views

CVE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag

Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...

5.3CVSS6AI score0.00495EPSS
Exploits0References2
osv
osv
added 2023/03/04 12:11 a.m.23 views

CVE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag

Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...

5.3CVSS5.4AI score0.00495EPSS
Exploits0References4
prion
prion
added 2023/01/27 1:15 a.m.17 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 beta tests-passed are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...

4CVSS6.4AI score0.00683EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2023/01/26 9:18 p.m.25 views

CVE-2023-22739

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

6.5CVSS6.3AI score0.00874EPSS
Exploits0References1
prion
prion
added 2023/01/26 9:18 p.m.17 views

Command injection

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

4CVSS6.3AI score0.00874EPSS
Exploits0References1Affected Software1
prion
prion
added 2023/01/26 9:18 p.m.23 views

Cross site scripting

Discourse is an open source platform for community discussion. Versions prior to 2.8.13 stable, 3.0.0.beta16 beta and 3.0.0beta16 tests-passed, are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with...

4.9CVSS5.2AI score0.00504EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/01/26 8:45 a.m.61 views

CVE-2023-22739

CVE-2023-22739 affects Discourse. Versions prior to 3.0.1 (stable) and 3.1.0.beta2 (beta/tests-passed) are vulnerable to unbounded draft data, enabling a malicious user to create an arbitrarily large draft and cause the instance to crawl. Root cause: Allocation of Resources Without Limits or Thro...

6.5CVSS6.3AI score0.00874EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/01/26 8:45 a.m.24 views

CVE-2023-22739 Discourse subject to Allocation of Resources Without Limits or Throttling

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

6.5CVSS6.3AI score0.00874EPSS
Exploits0References3
cve
cve
added 2023/01/26 8:31 a.m.66 views

CVE-2023-22468

CVE-2023-22468 relates to a cross-site scripting vulnerability in Discourse. Publicly documented versions prior to 2.8.13 (stable) and 3.0.0.beta16 (beta and tests-passed) are affected by a crafted URL that can be included in a post to trigger XSS on sites with insecure CSP. Discourse’s default C...

8.8CVSS5.5AI score0.00504EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2022/11/30 12:0 a.m.28 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A cross-site scripting vulnerability exists in Discourse version 2.8.10 and earlier, 2.9.0.beta11 and earlier, which can be exploited by attackers to inject malicious...

7.1CVSS5.7AI score0.00452EPSS
Exploits0References1
nvd
nvd
added 2022/11/02 5:15 p.m.25 views

CVE-2022-39356

Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is...

8.9CVSS0.00558EPSS
Exploits0References2
nvd
nvd
added 2022/11/02 5:15 p.m.41 views

CVE-2022-39241

Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest stable, beta, and test-passed versions are now patched. As a...

7.6CVSS0.00522EPSS
Exploits0References1
nvd
nvd
added 2022/11/02 5:15 p.m.19 views

CVE-2022-39378

Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...

5.3CVSS0.00482EPSS
Exploits0References1
prion
prion
added 2022/11/02 5:15 p.m.20 views

Information disclosure

Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is...

6.5CVSS8.7AI score0.00558EPSS
Exploits0References2Affected Software1
prion
prion
added 2022/11/02 5:15 p.m.19 views

Improper access control

Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...

5CVSS5.2AI score0.00482EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2022/11/02 12:0 a.m.4 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse. An attacker exploited the vulnerability to cause sensitive information to be disclosed...

5.3CVSS5.7AI score0.00482EPSS
Exploits0References2
Rows per page
Query Builder