Lucene search
K

68 matches found

OSV
OSV
added 2024/07/03 7:10 p.m.27 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...

2.4CVSS6.4AI score0.00366EPSS
Exploits0References5
CVE
CVE
added 2024/07/03 7:10 p.m.68 views

CVE-2024-36122

Discourse vulnerability CVE-2024-36122 affects the open-source forum platform: moderators reviewing users in the review queue could see a user’s email address when the setting to “Allow moderators to view email addresses” is disabled. The issue affects versions prior to 3.2.3 on the stable branch...

4.3CVSS4AI score0.00366EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/07/03 7:10 p.m.45 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...

2.4CVSS0.00366EPSS
Exploits0References3
OSV
OSV
added 2024/07/03 7:7 p.m.33 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

4.9CVSS6.5AI score0.00418EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/03 7:7 p.m.19 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

4.9CVSS6.6AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.11 views

PT-2024-26909 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: The issue affects moderators using the review queue, allowing them to see a user's email address...

4.3CVSS6.7AI score0.00366EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.8 views

PT-2024-27341 · Discourse +1 · Discourse +1

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. A malicious actor could get the FastImage libra...

6.4CVSS6.8AI score0.00348EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2024/02/05 12:0 a.m.15 views

Discourse < 3.1.4, 3.2.x < 3.2.0.beta4 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

8.6CVSS5.1AI score0.00566EPSS
Exploits0References3
NVD
NVD
added 2024/01/12 9:15 p.m.27 views

CVE-2023-49099

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...

4.3CVSS4.1AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/12 8:53 p.m.26 views

CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...

3.1CVSS5.4AI score0.00321EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/10/10 12:0 a.m.10 views

Piwigo < 14.0.0.beta4 XSS Vulnerability

Piwigo is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...

9.3CVSS6.4AI score0.01277EPSS
Exploits1References1
NVD
NVD
added 2023/04/18 9:15 p.m.13 views

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS3.5AI score0.00688EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.6 views

PT-2023-21723 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.3 Discourse versions prior to 3.1.0.beta4 Description: Discourse is an open source platform for community discussion. A maliciously crafted request from a Discourse administrator can lead to a long-running...

2.7CVSS3.6AI score0.00688EPSS
Exploits0References8
Prion
Prion
added 2022/04/11 8:15 p.m.19 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...

5CVSS5.2AI score0.00831EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/04/11 7:16 p.m.36 views

CVE-2022-24804 Private group name exposure in discourse

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...

5.3CVSS5.2AI score0.00831EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/11 12:0 a.m.6 views

PT-2022-16890 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.3 Discourse beta versions prior to 2.9.0.beta4 Description: The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted...

5.3CVSS5.1AI score0.00831EPSS
Exploits0References7
CNVD
CNVD
added 2021/08/17 12:0 a.m.37 views

Discourse code issue vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

7.5CVSS2.7AI score0.00833EPSS
Exploits0References1
Prion
Prion
added 2021/08/13 4:15 p.m.18 views

Design/Logic Flaw

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

5CVSS7.5AI score0.00833EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.5 views

Discourse 代码问题漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

7.5CVSS5.7AI score0.00833EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/07/29 12:0 a.m.20 views

Discourse 2.8.0.beta4 Security Update

A new Discourse update includes two security fixes. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

5.4CVSS5.2AI score0.00888EPSS
Exploits0References3
Rows per page
Query Builder