68 matches found
CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...
CVE-2024-36122
Discourse vulnerability CVE-2024-36122 affects the open-source forum platform: moderators reviewing users in the review queue could see a user’s email address when the setting to “Allow moderators to view email addresses” is disabled. The issue affects versions prior to 3.2.3 on the stable branch...
CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...
CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
PT-2024-26909 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: The issue affects moderators using the review queue, allowing them to see a user's email address...
PT-2024-27341 · Discourse +1 · Discourse +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. A malicious actor could get the FastImage libra...
Discourse < 3.1.4, 3.2.x < 3.2.0.beta4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2023-49099
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
Piwigo < 14.0.0.beta4 XSS Vulnerability
Piwigo is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
CVE-2023-28440
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
PT-2023-21723 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.3 Discourse versions prior to 3.1.0.beta4 Description: Discourse is an open source platform for community discussion. A maliciously crafted request from a Discourse administrator can lead to a long-running...
Design/Logic Flaw
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
CVE-2022-24804 Private group name exposure in discourse
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
PT-2022-16890 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.3 Discourse beta versions prior to 2.9.0.beta4 Description: The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted...
Discourse code issue vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...
Design/Logic Flaw
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...
Discourse 代码问题漏洞
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...
Discourse 2.8.0.beta4 Security Update
A new Discourse update includes two security fixes. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...