Discourse Security Vulnerabilities and Issues — Discourse CVE List

Lucene search

DiscourseDiscourse

3 matches found

CVE•added 2022/04/11 8:15 p.m.•101 views

CVE-2022-24804

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user tha...

5.3CVSS5.1AI score0.00147EPSS

CVE•added 2022/04/14 10:15 p.m.•87 views

CVE-2022-24824

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issu...

5.3CVSS4.8AI score0.00289EPSS

CVE•added 2022/04/14 10:15 p.m.•76 views

CVE-2022-24850

Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should onl...

5.3CVSS4.3AI score0.00143EPSS