Vulnerabilities related to discourse - discourse
Vulnerability from fkie_nvd
Published
2024-07-03 19:15
Modified
2024-11-21 09:21
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8F15A89F-6283-4B24-801E-E415FF5A4272", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C", "versionEndExcluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama `stable`, la versi\u00f3n 3.3.0.beta3 en la rama `beta` y la versi\u00f3n 3.3.0.beta4-dev en la rama `tests-passed`, un usuario del personal deshonesto pod\u00eda suspender otros usuarios del personal les impiden iniciar sesi\u00f3n en el sitio. El problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama `stable`, en la versi\u00f3n 3.3.0.beta3 en la rama `beta` y en la versi\u00f3n 3.3.0.beta4-dev en la rama `tests-passed`. No hay workarounds disponibles." 
} ], "id": "CVE-2024-36113", "lastModified": "2024-11-21T09:21:38.790", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-03T19:15:04.523", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 15:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics, regardless of whether the topic is in a read-restricted category or not. As a result, any user can technically poll a sensitive tag to determine whether a new topic has been created in a category to which the user does not have access.
In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "73E3B1B2-6F62-4A60-8C75-C9ADD81AC748", "versionEndExcluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. \n\nIn version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic\u0027s category read restrictions." 
} ], "id": "CVE-2023-23622", "lastModified": "2024-11-21T07:46:33.260", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T15:15:12.147", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/discourse/discourse/pull/20005" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/discourse/discourse/pull/20005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 16:15
Modified
2024-11-21 08:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "50504A87-E983-44B1-9148-91A3F5851F6A", "versionEndExcluding": "3.1.3", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. 
En las versiones 3.1.0 a 3.1.2 de la rama \"stable\" y en las versiones 3.1.0, beta6 a 3.2.0.beta2 de las ramas \"beta\" y \"tests-passed\", la memoria de Redis se puede agotar al crear un sitio con una URL de favicon anormalmente larga y redactando m\u00faltiples publicaciones en Onebox. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds." } ], "id": "CVE-2023-47120", "lastModified": "2024-11-21T08:29:49.150", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T16:15:33.473", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-27 20:15
Modified
2024-11-21 06:25
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse's default Content Security Policy, and avoid blocking watched words that contain HTML tags.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "19C1E690-4B7F-46DC-8CB2-5335F98F4020", "versionEndIncluding": "2.7.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse\u0027s default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. 
As a workaround, avoid modifying or disabling Discourse\u2019s default Content Security Policy, and blocking watched words containing HTML tags." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en versiones 2.7.7 y anteriores de la rama \"stable\", en las versiones 2.8.0.beta6 y anteriores de la rama \"beta\", y en las versiones 2.8.0.beta6 y anteriores de la rama \"tests-passed\". La representaci\u00f3n de algunos mensajes de error que contienen entradas del usuario puede ser susceptible de ataques de tipo XSS. Esta vulnerabilidad s\u00f3lo afecta a los sitios que han bloqueado las palabras vigiladas que contienen etiquetas HTML, han modificado o han deshabilitado la pol\u00edtica de seguridad de contenidos predeterminada de Discourse. Este problema est\u00e1 parcheado en las \u00faltimas versiones \"stable\", \"beta\" y \"tests-passed\" de Discourse. Como soluci\u00f3n, evite la modificar o desactivar la pol\u00edtica de seguridad de contenidos predeterminada de Discourse y bloquear las palabras vigiladas que contengan etiquetas HTML" } ], "id": "CVE-2021-41095", "lastModified": "2024-11-21T06:25:27.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-27T20:15:07.267", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To work around the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9653E97-F0B1-4559-AF43-F202A84403D2", "versionEndExcluding": "2.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category\u0027s permissions setting." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En versiones estables anteriores a 2.8.3 y en versiones beta anteriores a 2.9.0.beta4, son expuestos err\u00f3neamente los grupos. Cuando ha sido usado un grupo con visibilidad restringida para establecer los permisos de una categor\u00eda, el nombre del grupo es filtrado a cualquier usuario que pueda visualizar la categor\u00eda. 
Para mitigar el problema, el administrador del sitio puede eliminar los grupos con visibilidad restringida de la configuraci\u00f3n de permisos de cualquier categor\u00eda" } ], "id": "CVE-2022-24804", "lastModified": "2024-11-21T06:51:08.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T20:15:20.157", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-03 20:15
Modified
2024-11-21 09:23
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8F15A89F-6283-4B24-801E-E415FF5A4272", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C", "versionEndExcluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "5C2ABCC5-86B0-4CFF-AB99-BAC4D5CD94C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama `stable` y la versi\u00f3n 3.3.0.beta4 en las ramas `beta` y `tests-passed`, un actor malintencionado pod\u00eda hacer que la librer\u00eda FastImage redirigir solicitudes a una IP interna de Discourse. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\". No hay workarounds disponibles." 
} ], "id": "CVE-2024-37157", "lastModified": "2024-11-21T09:23:19.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-03T20:15:04.573", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-13 21:15
Modified
2024-11-21 06:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is automatically logged in, bypassing the check that prevents unapproved users from signing in. They can then do everything an approved user can do. If they log out, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can also increase `min_trust_level_to_allow_invite` to restrict the attack surface to more trusted users.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh | Patch, Third Party Advisory | |
security-advisories@github.com | https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328 | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "131D6FC3-2C60-4524-9B4E-F8316312A606", "versionEndExcluding": "2.7.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "7A24507D-6D4B-4992-BCFE-232AF3BFCC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Las versiones anteriores a 2.7.13 en \"stable\", a la 2.8.0.beta11 en \"beta\" y a la 2.8.0.beta11 en \"tests-passed\" permiten a algunos usuarios iniciar sesi\u00f3n en una comunidad antes de lo que deber\u00edan. Un usuario invitado por medio de un correo electr\u00f3nico a un foro con \"must_approve_users\" habilitado va a entrar autom\u00e1ticamente, omitiendo la comprobaci\u00f3n que no permite a usuarios no aprobados entrar. Podr\u00e1n hacer todo lo que un usuario aprobado puede hacer. Si cierran la sesi\u00f3n, no podr\u00e1n volver a entrar. Este problema est\u00e1 parcheado en las versiones \"stable\" 2.7.13, \"beta\" 2.8.0.beta11 y \"tests-passed\" 2.8.0.beta11. Pueden deshabilitarse las invitaciones como soluci\u00f3n. 
Los administradores pueden aumentar \"min_trust_level_to_allow_invite\" para reducir la superficie de ataque a los usuarios de mayor confianza" } ], "id": "CVE-2022-21684", "lastModified": "2024-11-21T06:45:13.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-13T21:15:08.747", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-12 21:15
Modified
2024-11-21 08:31
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
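Discourse is a platform for community discussion. The message serializer uses the full list of users produced by expanding chat mentions (`@all` and `@here`), which can lead to a very long array of users; the record below classifies this as uncontrolled resource consumption (CWE-400) with a high availability impact. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.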
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7", "versionEndExcluding": "3.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.\n" }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. El serializador de mensajes utiliza la lista completa de menciones de chat ampliadas (@all y @here), lo que puede conducir a una gran variedad de usuarios. Este problema se solucion\u00f3 en las versiones 3.1.4 y beta 3.2.0.beta5." 
} ], "id": "CVE-2023-48297", "lastModified": "2024-11-21T08:31:25.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-12T21:15:09.340", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-18 22:15
Modified
2024-11-21 08:00
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which, when done on a multisite instance, can affect the entire cluster, resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "618BD7ED-B602-46C3-AFDA-55544B4E6264", "versionEndIncluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "id": "CVE-2023-30606", "lastModified": "2024-11-21T08:00:29.620", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-18T22:15:08.197", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-23 18:15
Modified
2024-11-21 05:14
Severity ?
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in the editor, a user can upload pictures from remote websites, which makes the server issue the request for the remote resource.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/discourse/discourse/pull/10509 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/10509 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E63CCEA1-4822-4A69-8C48-AB938D2762CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "6C71DF85-48C2-4FBA-AF42-DEAB0B0BD12D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) en Discourse 2.3.2 y 2.6, por medio de la funci\u00f3n de correo electr\u00f3nico. Cuando se escribe un correo electr\u00f3nico en un editor, se pueden cargar im\u00e1genes de sitios web remotos" } ], "id": "CVE-2020-24327", "lastModified": "2024-11-21T05:14:35.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-23T18:15:08.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/10509" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/10509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-29 17:15
Modified
2024-11-21 07:30
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, a user who composes a malicious message and then navigates to the drafts page could trigger a self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EE6EE50-7170-4F48-B9E6-2C2042826E79", "versionEndIncluding": "2.8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source messaging platform. 
In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." }, { "lang": "es", "value": "Discourse es una plataforma de mensajer\u00eda de c\u00f3digo abierto. En las versiones 2.8.10 y anteriores en la rama \"stable\" y en las versiones 2.9.0.beta11 y anteriores en las ramas \"beta\" y \"tests-passed\", los usuarios que redactaban mensajes maliciosos y navegaban a la p\u00e1gina de borradores pod\u00edan realizado un auto-XSS. Esta vulnerabilidad puede provocar un XSS completo en sitios que han modificado o deshabilitado la Pol\u00edtica de Seguridad de Contenido predeterminada de Discourse. Este problema est\u00e1 solucionado en las \u00faltimas versiones stable, beta y tests-passed de Discourse." 
} ], "id": "CVE-2022-46148", "lastModified": "2024-11-21T07:30:12.280", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-29T17:15:11.370", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c5h6-6gg5-84fh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c5h6-6gg5-84fh" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-03 22:15
Modified
2024-11-21 07:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "0FF9F652-49A3-4F91-9E64-4BBA58F28686", "versionEndIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts." 
} ], "id": "CVE-2023-23615", "lastModified": "2024-11-21T07:46:32.303", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-03T22:15:12.643", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 16:15
Modified
2024-11-21 08:12
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use invites that are restricted to an email address.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites." 
} ], "id": "CVE-2023-37904", "lastModified": "2024-11-21T08:12:26.150", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T16:15:11.617", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "security-advisories@github.com", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-09 20:15
Modified
2024-11-21 06:15
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. In versions prior to 2.7.8, rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround, users may ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A85C6E2-A78D-47B2-AE03-A12AE6A2E8BD", "versionEndExcluding": "2.7.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a 2.7.8, la representaci\u00f3n de los tooltips de d-popover puede ser susceptible de ataques de tipo XSS. Esta vulnerabilidad s\u00f3lo afecta a los sitios que han modificado o desactivado la pol\u00edtica de seguridad de contenidos predeterminada de Discourse. Este problema est\u00e1 parcheado en la \u00faltima versi\u00f3n \"stable\" 2.7.8 de Discourse. 
Como soluci\u00f3n, los usuarios pueden asegurarse de que la pol\u00edtica de seguridad de contenidos est\u00e1 activada y no ha sido modificada de forma que sea m\u00e1s vulnerable a ataques de tipo XSS" } ], "id": "CVE-2021-37633", "lastModified": "2024-11-21T06:15:34.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-09T20:15:07.597", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-30 15:15
Modified
2024-11-21 09:23
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8F15A89F-6283-4B24-801E-E415FF5A4272", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3." }, { "lang": "es", "value": " Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.3 y 3.3.0.beta3, los datos de Onebox mal sanitizados pod\u00edan provocar una vulnerabilidad de XSS en algunas situaciones. Esta vulnerabilidad solo afecta a las instancias de Discourse que han deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada. Esta vulnerabilidad se solucion\u00f3 en 3.2.3 y 3.3.0.beta3." 
} ], "id": "CVE-2024-37165", "lastModified": "2024-11-21T09:23:20.587", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-30T15:15:11.617", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-14 22:15
Modified
2024-11-21 08:10
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. In affected versions, a request to create or update a custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "id": "CVE-2023-36818", "lastModified": "2024-11-21T08:10:39.790", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-14T22:15:09.243", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-02 15:15
Modified
2024-11-21 07:30
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A7BB8C-9904-42B5-8D91-0275CCA5D74F", "versionEndIncluding": "2.8.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.\n" }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En la versi\u00f3n 2.8.13 y anteriores en la rama `stable` y en la versi\u00f3n 2.9.0.beta14 y anteriores en las ramas `beta` y `tests-passed`, cualquier usuario autenticado puede crear un tema no listado. Estos temas, que no est\u00e1n disponibles para otros usuarios, pueden consumir recursos innecesarios del sitio. Hay un parche para este problema disponible en la rama \"principal\" de Discourse. No se conocen workarounds disponibles." 
} ], "id": "CVE-2022-46159", "lastModified": "2024-11-21T07:30:13.710", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-02T15:15:10.090", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], 
"source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 20:15
Modified
2024-11-21 08:20
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B0080CEC-250E-46F7-8D64-BDE1EFC6B396", "versionEndExcluding": "3.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. 
This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 3.1.1 de la rama `stable` y la versi\u00f3n 3.2.0.beta1 de las ramas `beta` y `tests-passed`, un administrador malintencionado pod\u00eda crear sprites de iconos extremadamente grandes, que luego se almacenar\u00edan en cach\u00e9 en cada proceso del servidor. Esto puede provocar que los procesos del servidor se detengan y provoquen un tiempo de inactividad. El problema se solucion\u00f3 en la versi\u00f3n 3.1.1 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"tests-passed\". Esto es s\u00f3lo una preocupaci\u00f3n para las instalaciones multisitio. No se requiere ninguna acci\u00f3n cuando se conf\u00eda en los administradores."
} ], "id": "CVE-2023-41043", "lastModified": "2024-11-21T08:20:26.617", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T20:15:10.540", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 21:15
Modified
2024-11-21 07:44
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B45CE307-9D3B-4733-BEF2-862A06BE3B8E", "versionEndExcluding": "2.8.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 3.0.0.beta16 en las ramas `beta` y `tests-passed`, las descripciones de etiquetas, que pueden ser actualizadas por los moderadores, se pueden usar para ataques de cross-site scripting. Esta vulnerabilidad puede provocar un XSS completo en sitios que han modificado o deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada de Discourse. Las versiones 2.8.14 y 3.0.0.beta16 contienen un parche." 
} ], "id": "CVE-2023-22455", "lastModified": "2024-11-21T07:44:50.423", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T21:15:09.157", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-28 00:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.0.1 en la rama \"stable\" y la versi\u00f3n 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\", alguien pod\u00eda usar el par\u00e1metro \"exclude_tag\" para filtrar temas y deducir cu\u00e1les estaban usando una etiqueta oculta espec\u00edfica. Esto afecta a cualquier sitio de Discourse que utilice etiquetas ocultas en categor\u00edas p\u00fablicas. 
Este problema se solucion\u00f3 en la versi\u00f3n 3.0.1 en la rama \"stable\" y en la versi\u00f3n 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\". Como workaround, proteja las categor\u00edas que utilicen etiquetas ocultas, cambie las etiquetas ocultas existentes para que no incluyan datos privados o elimine las etiquetas ocultas que se est\u00e9n utilizando actualmente." } ], "id": "CVE-2023-23624", "lastModified": "2024-11-21T07:46:33.553", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-28T00:15:09.470", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20006" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 19:15
Modified
2024-11-21 07:54
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user-provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches, versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "F59F801F-E7B5-4F37-A2E8-6024AD6DD7B2", "versionEndIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "id": "CVE-2023-28112", "lastModified": "2024-11-21T07:54:25.787", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T19:15:11.507", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 15:15
Modified
2024-11-21 08:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", 
"matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn\u0027t applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn\u0027t have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting." 
} ], "id": "CVE-2023-37467", "lastModified": "2024-11-21T08:11:46.107", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T15:15:10.960", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-323" } ], "source": "security-advisories@github.com", "type": 
"Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 15:15
Modified
2024-11-21 08:27
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated even though the security of the underlying bookmarkable (e.g. post, topic, chat message) has changed so that the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are no longer sent if the user does not have access to the underlying bookmarkable, and unread bookmark notifications are always filtered by access. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", existe un caso extremo en el que se env\u00eda un recordatorio de marcador y se genera una notificaci\u00f3n de no le\u00eddos. 
pero la seguridad subyacente de los marcadores (por ejemplo, publicaci\u00f3n, tema, mensaje de chat) ha cambiado, por lo que el usuario ya no puede acceder al recurso subyacente. A partir de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", los recordatorios de marcadores ya no se env\u00edan si el usuario no tiene acceso al marcador subyacente, y adem\u00e1s las notificaciones de marcadores no le\u00eddos siempre se filtran por acceso. No se conocen workarounds." } ], "id": "CVE-2023-45816", "lastModified": "2024-11-21T08:27:24.920", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T15:15:08.667", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216" }, { "source": 
"security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-29 20:15
Modified
2024-11-21 07:12
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/18418 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/18418 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC8F74E-6BEF-4A8C-AF34-A0FC24A1EDFE", "versionEndExcluding": "2.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. 
The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En versiones anteriores a 2.8.9 en la rama \"stable\" y anteriores a 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\", un moderador puede crear nuevos temas y editar los existentes usando la API cuando no deber\u00eda poder hacerlo. El problema est\u00e1 parcheado en versi\u00f3n 2.8.9 en la rama \"stable\" y en la versi\u00f3n 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\". No se presentan mitigaciones conocidas" } ], "id": "CVE-2022-36068", "lastModified": "2024-11-21T07:12:18.643", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-29T20:15:13.187", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6" }, { "source": 
"security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18418" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-28 15:15
Modified
2024-11-21 07:24
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * (up to and including 2.8.11) | |
discourse | discourse | 2.9.0 beta1 | |
discourse | discourse | 2.9.0 beta10 | |
discourse | discourse | 2.9.0 beta11 | |
discourse | discourse | 2.9.0 beta12 | |
discourse | discourse | 2.9.0 beta2 | |
discourse | discourse | 2.9.0 beta3 | |
discourse | discourse | 2.9.0 beta4 | |
discourse | discourse | 2.9.0 beta5 | |
discourse | discourse | 2.9.0 beta6 | |
discourse | discourse | 2.9.0 beta7 | |
discourse | discourse | 2.9.0 beta8 | |
discourse | discourse | 2.9.0 beta9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "6478F103-55A5-4D3E-B655-F394150E4CC2", "versionEndIncluding": "2.8.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": 
"5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones estables anteriores a 2.8.12 y versiones beta o de prueba anteriores a 2.9.0.beta13, bajo ciertas condiciones, un usuario puede ver notificaciones de temas a los que ya no tiene acceso. Si hay informaci\u00f3n sensible en el t\u00edtulo del tema, por lo tanto habr\u00e1 sido expuesta. Este problema se solucion\u00f3 en la versi\u00f3n estable 2.8.12, la versi\u00f3n beta 2.9.0.beta13 y la versi\u00f3n 2.9.0.beta13 aprobada por pruebas. No hay workarounds disponibles." 
} ], "id": "CVE-2022-41944", "lastModified": "2024-11-21T07:24:07.480", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-28T15:15:10.620", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], 
"source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-28 00:15
Modified
2024-11-21 07:46
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.0.1 en la rama \"stable\" y la versi\u00f3n 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\", un usuario malintencionado pod\u00eda provocar una denegaci\u00f3n de servicio de expresi\u00f3n regular utilizando un agente de usuario cuidadosamente manipulado. Este problema se solucion\u00f3 en la versi\u00f3n 3.0.1 en la rama \"stable\" y en la versi\u00f3n 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\". No se conocen workarounds." 
} ], "id": "CVE-2023-23621", "lastModified": "2024-11-21T07:46:33.087", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-28T00:15:09.373", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20002" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/discourse/discourse/pull/20002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" 
], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-02 17:15
Modified
2024-11-21 07:17
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
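Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. The latest `stable`, `beta`, and `tests-passed` versions are now patched. As a workaround, self-hosters can set the `DISCOURSE_BLOCKED_IP_BLOCKS` environment variable (which overrides the `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. The record below classifies the issue as CWE-918 (server-side request forgery) and lists releases before 2.8.10 and 2.9.0 beta1 through beta10 as affected; the workaround covers only requests to private addresses, so upgrading to a patched release remains the fix.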
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B12D112-6E19-48E4-92C4-0719F6719929", "versionEndExcluding": "2.8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. 
A malicious admin could use this server-side request forgery (CWE-918) vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. The latest `stable`, `beta`, and `tests-passed` versions are now patched. As a workaround, self-hosters can use the `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides the `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs." }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. Un administrador malintencionado podr\u00eda utilizar esta vulnerabilidad de falsificaci\u00f3n de solicitudes del lado del servidor (CWE-918) para realizar una enumeraci\u00f3n de puertos en el host local u otros hosts de la red interna, as\u00ed como contra hosts de Internet. Las \u00faltimas versiones `stable`, `beta` y `tests-passed` ahora est\u00e1n parcheadas. Como workaround, los autohospedadores pueden usar la variable de entorno `DISCOURSE_BLOCKED_IP_BLOCKS` (que anula la configuraci\u00f3n `blocked_ip_blocks`) para impedir que los webhooks accedan a IP privadas." 
} ], "id": "CVE-2022-39241", "lastModified": "2024-11-21T07:17:51.443", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-02T17:15:17.187", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:55
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "35B2683D-D670-4F47-90D9-D18AF3BFC9A8", "versionEndExcluding": "3.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "id": "CVE-2023-28440", "lastModified": "2024-11-21T07:55:04.317", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-18T21:15:09.180", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-14 21:15
Modified
2024-11-21 07:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B12D112-6E19-48E4-92C4-0719F6719929", "versionEndExcluding": "2.8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. 
This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En algunos casos excepcionales, los usuarios que canjean una invitaci\u00f3n pueden ser agregados como participantes a varios temas de mensajes privados a los que no se les debe agregar. No se les notifica esto, sucede de forma transparente en segundo plano. Este problema se resolvi\u00f3 en el commit \"a414520742\" y se incluir\u00e1 en versiones futuras. Se recomienda a los usuarios que actualicen. Tambi\u00e9n se recomienda a los usuarios que establezcan `SiteSetting.max_invites_per_day` en 0 hasta que se instale el parche." } ], "id": "CVE-2022-39385", "lastModified": "2024-11-21T07:18:11.163", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-14T21:15:15.007", "references": [ { "source": 
"security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-20 23:15
Modified
2024-11-21 06:25
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in `subscribe_url` values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests with a path starting with `/webhooks/aws` could be blocked at an upstream proxy.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "95493165-6C19-4E89-AC2B-72268D6ECB2C", "versionEndExcluding": "2.7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En las versiones afectadas, las peticiones dise\u00f1adas de forma maliciosa pod\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota . 
Esto se deb\u00eda a una falta de comprobaci\u00f3n en los valores de subscribe_url. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse. Para solucionar el problema sin necesidad de actualizar, las peticiones con una ruta que empiece por /webhooks/aws podr\u00edan bloquearse en un proxy de subida" } ], "id": "CVE-2021-41163", "lastModified": "2024-11-21T06:25:38.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-10-20T23:15:07.477", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-14 22:15
Modified
2024-11-21 06:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "092752BF-C6B5-46EF-905E-E6DFDCB818F6", "versionEndExcluding": "2.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A category\u0027s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. La configuraci\u00f3n de los permisos de grupo de una categor\u00eda puede ser visualizada por cualquiera que tenga acceso a la categor\u00eda. Como resultado, un usuario normal es capaz de visualizar si un grupo presenta permisos de lectura/escritura en la categor\u00eda aunque la informaci\u00f3n s\u00f3lo deber\u00eda estar disponible para usuarios que pueden administrar una categor\u00eda. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse. 
No se presentan medidas de mitigaci\u00f3n para este problema" } ], "id": "CVE-2022-24850", "lastModified": "2024-11-21T06:51:14.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-14T22:15:08.003", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size` nginx directive. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Una solicitud maliciosa puede hacer que los archivos de registro de producci\u00f3n se llenen r\u00e1pidamente y, por lo tanto, que el servidor se quede sin espacio en disco. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Es posible workaround temporalmente en este problema reduciendo \"client_max_body_size nginx directive\". `client_max_body_size` limitar\u00e1 el tama\u00f1o de las cargas que se pueden cargar directamente al servidor." 
} ], "id": "CVE-2023-44388", "lastModified": "2024-11-21T08:25:47.903", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.397", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 20:15
Modified
2024-11-21 06:29
Severity ?
Summary
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F845CD5-5BBB-4686-B459-F20DEC41748C", "versionEndExcluding": "2.7.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones afectadas, un atacante puede envenenar la cach\u00e9 de los usuarios an\u00f3nimos (es decir, los que no han iniciado sesi\u00f3n), de forma que se les muestre un blob JSON en lugar de la p\u00e1gina HTML. Esto puede conllevar a una denegaci\u00f3n de servicio parcial. 
Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse" } ], "id": "CVE-2021-43794", "lastModified": "2024-11-21T06:29:48.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2021-12-01T20:15:08.727", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-610" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-29 20:15
Modified
2024-11-21 07:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/18302 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/18302 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC8F74E-6BEF-4A8C-AF34-A0FC24A1EDFE", "versionEndExcluding": "2.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a 2.8.9 en la rama \"stable\" y anteriores a 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\", un actor malicioso puede a\u00f1adir grandes cargas de texto en los campos Location y Website de un perfil de usuario, lo que causa problemas a otros usuarios cuando es cargado ese perfil. En versi\u00f3n 2.8.9 de la rama \"stable\" y en la versi\u00f3n 2.9.0.beta10 de las ramas \"beta\" y \"tests-passed\" es incluida una correcci\u00f3n para limitar la longitud de la entrada del usuario en estos campos. 
No se presentan mitigaciones conocidas" } ], "id": "CVE-2022-39226", "lastModified": "2024-11-21T07:17:49.593", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-29T20:15:13.760", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18302" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/pull/18302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-29 21:15
Modified
2024-11-21 07:17
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/18311 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/18311 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won\u0027t break the app. As a workaround, the quote can be fixed via the rails console." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. A partir de la versi\u00f3n 2.9.0.beta5 y anteriores a 2.9.0.beta10, una cita incompleta puede generar un error de JavaScript que bloquear\u00e1 la p\u00e1gina actual en el navegador en algunos casos. La versi\u00f3n 2.9.0.beta10 ha a\u00f1adido una correcci\u00f3n y pruebas para garantizar que las cotizaciones incompletas no rompan la aplicaci\u00f3n. 
Como mitigaci\u00f3n, la cotizaci\u00f3n puede arreglarse por medio de la consola de rails" } ], "id": "CVE-2022-39232", "lastModified": "2024-11-21T07:17:50.400", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-29T21:15:11.210", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18311" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party 
Advisory" ], "url": "https://github.com/discourse/discourse/pull/18311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 16:15
Modified
2024-11-21 08:13
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade." 
} ], "id": "CVE-2023-38498", "lastModified": "2024-11-21T08:13:41.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T16:15:12.033", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" }, { "lang": "en", "value": "CWE-770" } ], "source": 
"security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-13 22:15
Modified
2024-11-21 08:03
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "E76C733A-34C7-43E4-8472-38BB12B2A746", "versionEndExcluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "1C4CEDDE-1495-4C7B-850A-0DABC6C3A42F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled." 
} ], "id": "CVE-2023-32301", "lastModified": "2024-11-21T08:03:04.230", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-13T22:15:09.560", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-28 15:15
Modified
2024-11-21 07:24
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of unlimited length, and posting huge amounts of text can cause a denial of service for other users. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "A387C9DC-A3A5-416B-A564-DBD4F345972B", "versionEndExcluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": 
"5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 2.9.0.beta13, los usuarios pod\u00edan publicar mensajes de chat de longitud ilimitada, lo que pod\u00eda provocar una Denegaci\u00f3n de Servicio (DoS) para otros usuarios al publicar grandes cantidades de texto. Los usuarios deben actualizar a la versi\u00f3n 2.9.0.beta13, donde se introdujo un l\u00edmite. No hay workarounds conocidos disponibles." } ], "id": "CVE-2022-41921", "lastModified": "2024-11-21T07:24:04.397", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-28T15:15:10.543", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-01 20:15
Modified
2024-11-21 07:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source discussion platform. In affected versions, a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "84A39503-20A3-468D-9B35-2956C3CA9765", "versionEndExcluding": "2.8.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse\u0027s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones afectadas, una petici\u00f3n maliciosamente dise\u00f1ada de activos est\u00e1ticos podr\u00eda causar que las respuestas de error fueran almacenadas en la cach\u00e9 por la configuraci\u00f3n predeterminada del proxy NGINX de Discourse. Una configuraci\u00f3n NGINX corregida es incluida en las \u00faltimas versiones estables, beta y de prueba de Discourse. Es recomendado a usuarios actualizar. 
No se presentan mitigaciones conocidas para esta vulnerabilidad" } ], "id": "CVE-2022-31182", "lastModified": "2024-11-21T07:04:04.267", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-01T20:15:08.353", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-27 22:15
Modified
2024-11-21 06:07
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: A staff user who creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post being revealed to non-staff users as the last poster of the topic.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "82A850D1-D4B4-47EC-A60C-22A1823962ED", "versionEndExcluding": "2.7.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones anteriores a 2.7.7 se presentan dos bugs que conllevaron a que el creador de una publicaci\u00f3n whisper fuera revelado a usuarios que no eran del personal. 1: Unos usuarios del personal que crean una publicaci\u00f3n whisper en un mensaje personal son revelados a participantes del mensaje personal que no son del personal, aunque la publicaci\u00f3n whisper no puede ser vista por ellos. 
2: Cuando una publicaci\u00f3n whisper es anterior al \u00faltimo mensaje en un flujo de mensajes, eliminando la \u00faltima publicaci\u00f3n resultar\u00e1 en que el creador del mensaje whisper sea revelado a usuarios no pertenecientes al personal como el \u00faltimo mensaje del tema" } ], "id": "CVE-2021-32788", "lastModified": "2024-11-21T06:07:44.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-27T22:15:07.597", "references": [ { "source": "security-advisories@github.com", 
"tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
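Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. Note that the CPE match data in the record below uses `versionEndIncluding` 3.1.1 for the stable branch, which marks 3.1.1 itself as affected and conflicts with the patched version stated here; confirm the fixed version against the vendor advisory before relying on either.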
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Los nuevos mensajes de chat se pueden leer realizando una solicitud POST no autenticada a MessageBus. Este problema se solucion\u00f3 en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." 
} ], "id": "CVE-2023-45131", "lastModified": "2024-11-21T08:26:24.310", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.650", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-04 20:15
Modified
2024-11-21 06:29
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums is able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC1CE0F5-5636-46AF-A6AB-3C64FAC49D84", "versionEndExcluding": "2.7.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. 
The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En las versiones afectadas los usuarios administradores pueden desencadenar un ataque de denegaci\u00f3n de servicio por medio de la ruta \"/message-bus/_diagnostics\". El impacto de esta vulnerabilidad es mayor en las instancias multisitio de Discourse (donde son servidos m\u00faltiples foros desde un \u00fanico servidor de aplicaciones) donde cualquier usuario administrador en cualquiera de los foros puede visitar la ruta \"/message-bus/_diagnostics\". El problema ha sido corregido. Por favor, actualice a la versi\u00f3n 2.8.0.beta10 o 2.7.12. 
No se presentan medidas de mitigaci\u00f3n para este problema" } ], "id": "CVE-2021-43850", "lastModified": "2024-11-21T06:29:55.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-04T20:15:07.667", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-27 22:15
Modified
2024-11-21 07:03
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
Discourse is an open source discussion platform. Under certain conditions, a logged-in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "369D642C-A8FC-423F-8A49-D9ECCE3D7B32", "versionEndIncluding": "2.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn\u0027t match the invite\u0027s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. 
Bajo determinadas condiciones, un usuario conectado puede canjear una invitaci\u00f3n con un correo electr\u00f3nico que o bien no coincide con el correo electr\u00f3nico de la invitaci\u00f3n o no es adherido a la restricci\u00f3n de dominio de correo electr\u00f3nico de un enlace de invitaci\u00f3n. El impacto de este fallo es agravado cuando la invitaci\u00f3n ha sido configurada para a\u00f1adir al usuario que acepta la invitaci\u00f3n a grupos restringidos. Una vez que un usuario ha sido a\u00f1adido incorrectamente a un grupo restringido, el usuario puede entonces ser capaz de visualizar contenidos que est\u00e1n restringidos al grupo respectivo. Es recomendado a usuarios actualizar a versiones estables actuales. No se presentan mitigaciones conocidas para este problema" } ], "id": "CVE-2022-31096", "lastModified": "2024-11-21T07:03:53.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-27T22:15:09.123", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-07 21:15
Modified
2024-10-19 01:11
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
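Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability. Because "latest" does not name a version, use the CPE match data in the record below when checking a deployment: it lists stable versions before 3.3.2 and beta versions up to and including 3.4.0 beta1 as affected.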
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "16A670AB-8B0F-4866-9592-0B463C93175C", "versionEndExcluding": "3.3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "B70F4653-EB23-49AB-AF71-C39E5B6D5E5F", "versionEndExcluding": "3.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*", "matchCriteriaId": "BAB3A427-361B-4FC1-859D-D871B080DEE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "AF6D8860-8764-4EEF-9FDD-89FF932791A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Una direcci\u00f3n de correo electr\u00f3nico manipulada con fines malintencionados podr\u00eda permitir a un atacante eludir las restricciones basadas en dominios y obtener acceso a sitios, categor\u00edas o grupos privados. Este problema se ha corregido en la \u00faltima versi\u00f3n estable, beta y de pruebas aprobadas de Discourse. Se recomienda a todos los usuarios del \u00e1rea que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." 
} ], "id": "CVE-2024-45051", "lastModified": "2024-10-19T01:11:16.810", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-07T21:15:16.930", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-02 12:15
Modified
2024-11-21 07:15
Severity ?
Summary
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7 | Third Party Advisory | |
cve@mitre.org | https://github.com/discourse/discourse/tags | Release Notes, Third Party Advisory | |
cve@mitre.org | https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/tags | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7CF8E36-2EC1-464C-AB3E-34FA0D832A67", "versionEndIncluding": "2.8.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate." }, { "lang": "es", "value": "Discourse versiones hasta 2.8.7, permite a administradores enviar invitaciones a direcciones de correo electr\u00f3nico arbitrarias a un ritmo ilimitado" } ], "id": "CVE-2022-37458", "lastModified": "2024-11-21T07:15:01.133", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-02T12:15:11.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/tags" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/tags" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-13 22:15
Modified
2024-11-21 08:06
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "E76C733A-34C7-43E4-8472-38BB12B2A746", "versionEndExcluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "1C4CEDDE-1495-4C7B-850A-0DABC6C3A42F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn\u0027t have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "id": "CVE-2023-34250", "lastModified": "2024-11-21T08:06:51.647", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-13T22:15:09.663", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 15:15
Modified
2024-11-21 07:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds." } ], "id": "CVE-2023-26040", "lastModified": "2024-11-21T07:50:38.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T15:15:12.237", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70" }, { "source": "security-advisories@github.com", "tags": [ "Vendor 
Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-13 22:15
Modified
2024-11-21 08:02
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iframe tag makes it easy for an attacker to hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "E76C733A-34C7-43E4-8472-38BB12B2A746", "versionEndExcluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "1C4CEDDE-1495-4C7B-850A-0DABC6C3A42F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "id": "CVE-2023-32061", "lastModified": "2024-11-21T08:02:38.113", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-13T22:15:09.477", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-24 21:15
Modified
2024-11-21 06:51
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/16273 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/16273 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "92530146-660F-4474-A2C9-E12020382560", "versionEndIncluding": "2.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user\u0027s post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse\u0027s GitHub repository and is anticipated to be part of future releases." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Las versiones 2.8.2 y anteriores en la rama \"stable\", versiones 2.9.0.beta3 y anteriores en la rama \"beta\", y versiones 2.9.0.beta3 y anteriores en la rama \"tests-passed\" son vulnerables a un filtrado de informaci\u00f3n. Los usuarios pueden solicitar una exportaci\u00f3n de su propia actividad. A veces, debido a la configuraci\u00f3n de la categor\u00eda, pueden tener una pertenencia a una categor\u00eda segura. El nombre de esta categor\u00eda segura es mostrada al usuario en la exportaci\u00f3n. Lo mismo ocurre cuando el post del usuario ha sido movido a una categor\u00eda segura. 
Un parche para este problema est\u00e1 disponible en la rama \"main\" del repositorio GitHub de Discourse y esta anticipado que forme parte de futuras versiones" } ], "id": "CVE-2022-24782", "lastModified": "2024-11-21T06:51:05.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-24T21:15:13.933", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16273" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when an additional email address is added to an existing account on a Discourse site, an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token, which can then be used in other contexts, including resetting a password.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A85C6E2-A78D-47B2-AE03-A12AE6A2E8BD", "versionEndExcluding": "2.7.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including reseting a password." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En Discourse versiones anteriores a 2.7.8 y 2.8.0.beta4, cuando se a\u00f1aden direcciones de correo electr\u00f3nico adicionales a una cuenta existente en un sitio de Discourse es generado un token de correo electr\u00f3nico como parte del proceso de comprobaci\u00f3n del correo electr\u00f3nico. Eliminando las direcciones de correo electr\u00f3nico adicionales no invalida un token no usado que puede ser usado en otros contextos, incluyendo el restablecimiento de una contrase\u00f1a." 
} ], "id": "CVE-2021-37693", "lastModified": "2024-11-21T06:15:43.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-13T16:15:07.717", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" }, { "lang": "en", "value": "CWE-640" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-26 20:15
Modified
2024-11-21 06:18
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. In affected versions, category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy and have allowed moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A85C6E2-A78D-47B2-AE03-A12AE6A2E8BD", "versionEndExcluding": "2.7.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse\u0027s default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse\u0027s default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En las versiones afectadas los nombres de las categor\u00edas pueden ser usados para ataques de tipo Cross-site scripting (XSS). 
Esto es mitigado por la Pol\u00edtica de Seguridad de Contenidos por predeterminada de Discourse y esta vulnerabilidad s\u00f3lo afecta a los sitios que han modificado o deshabilitado o cambiado la Pol\u00edtica de Seguridad de Contenidos predeterminada de Discourse han permitido a los moderadores modificar las categor\u00edas. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse. Se aconseja a usuarios que se aseguren de que la Pol\u00edtica de Seguridad de Contenidos est\u00e1 habilitada y no ha sido modificada de forma que sea m\u00e1s vulnerable a los ataques de tipo XSS." } ], "id": "CVE-2021-39161", "lastModified": "2024-11-21T06:18:45.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", 
"privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-26T20:15:07.463", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-26 21:18
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 3.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "140D3326-21AC-459D-8196-E17C9046AE3E", "versionEndExcluding": "2.8.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse\u0027s default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site\u0027s CSP to the default one provided with Discourse." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Las versiones anteriores a 2.8.13 (estable), 3.0.0.beta16 (beta) y 3.0.0beta16 (pruebas aprobadas) son vulnerables a cross-site scripting. Se puede incluir una URL creada con fines malintencionados en una publicaci\u00f3n para llevar a cabo cross-site scripting en sitios con CSP (Pol\u00edtica de seguridad de contenido) deshabilitada o demasiado permisiva. El CSP predeterminado de Discourse evita esta vulnerabilidad. 
Esta vulnerabilidad est\u00e1 parcheada en las versiones 2.8.13 (estable), 3.0.0.beta16 (beta) y 3.0.0beta16 (pruebas aprobadas). Como workaround, habilite y/o restaure el CSP de su sitio al predeterminado proporcionado con Discourse." } ], "id": "CVE-2023-22468", "lastModified": "2024-11-21T07:44:51.960", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-26T21:18:12.060", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-28 00:15
Modified
2024-11-21 07:46
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However, it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.0.1 en la rama \"stable\" y 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\", al enviar una solicitud de membres\u00eda, no hay l\u00edmite de caracteres por el motivo proporcionado con la solicitud. Potencialmente, esto podr\u00eda permitir que un usuario inunde la base de datos con una gran cantidad de datos. 
Sin embargo, es poco probable que esto pueda usarse como parte de un ataque DoS, ya que las rutas que leen los motivos solo est\u00e1n disponibles para los administradores. A partir de la versi\u00f3n 3.0.1 en la rama \"stable\" y 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\", se introdujo un l\u00edmite de 280 caracteres para las solicitudes de membres\u00eda." } ], "id": "CVE-2023-23616", "lastModified": "2024-11-21T07:46:32.437", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-28T00:15:09.070", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/pull/19993" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/19993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-26 18:15
Modified
2024-11-21 04:28
Severity ?
Summary
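Discourse 2.3.2 sends the CSRF token in the query string. A token carried in the URL can be exposed through server and proxy logs, browser history and the Referer header, which is why the record rates this as a confidentiality impact.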
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/discourse/discourse/pull/8026 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/8026 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E63CCEA1-4822-4A69-8C48-AB938D2762CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse 2.3.2 sends the CSRF token in the query string." }, { "lang": "es", "value": "Discourse 2.3.2 env\u00eda el token CSRF en la cadena de consulta." } ], "id": "CVE-2019-15515", "lastModified": "2024-11-21T04:28:54.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-26T18:15:12.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/8026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/8026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 17:15
Modified
2024-11-21 07:49
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user\u0027s full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse\u0027s default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site\u0027s CSP to the default one provided with Discourse." 
} ], "id": "CVE-2023-25172", "lastModified": "2024-11-21T07:49:14.957", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T17:15:11.423", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20008" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20009" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-29 20:15
Modified
2024-11-21 07:12
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/18421 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/18421 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC8F74E-6BEF-4A8C-AF34-A0FC24A1EDFE", "versionEndExcluding": "2.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En versiones anteriores a 2.8.9 en la rama \"stable\" y anteriores a 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\", los administradores pueden descargar un archivo Zip o Gzip Tar dise\u00f1ado de forma maliciosa para escribir archivos en ubicaciones arbitrarias y desencadenar una ejecuci\u00f3n de c\u00f3digo remota. El problema est\u00e1 parcheado en versi\u00f3n 2.8.9 en la rama \"stable\" y en versi\u00f3n 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\". No se presentan mitigaciones conocidas" } ], "id": "CVE-2022-36066", "lastModified": "2024-11-21T07:12:18.350", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, 
"exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-29T20:15:09.747", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18421" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-30 15:15
Modified
2024-11-21 09:23
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "1E60FC27-D34F-462D-97E0-9B0A3A2D5CFD", "versionEndExcluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "5C2ABCC5-86B0-4CFF-AB99-BAC4D5CD94C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "F43AEDD5-616E-4ADF-BA3E-8B1537A7CDE7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.5 y 3.3.0.beta5, la manipulaci\u00f3n de solicitudes para enviar nombres de grupos de etiquetas muy largos puede reducir la disponibilidad de una instancia de Discourse. Esta vulnerabilidad se solucion\u00f3 en 3.2.5 y 3.3.0.beta5." 
} ], "id": "CVE-2024-37299", "lastModified": "2024-11-21T09:23:33.790", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-30T15:15:11.857", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-27 01:15
Modified
2024-11-21 07:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed) [as published; this conflicts with the affected range "prior to 3.1.0.beta1" stated above, so confirm the fixed version against the vendor advisory before relying on it]. Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC7E4636-4A0D-4C79-BE83-63B7CFD890E1", "versionEndIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Las versiones anteriores a la 3.1.0.beta1 (beta) (pruebas aprobadas) son vulnerables a Asignaci\u00f3n de Recursos Sin L\u00edmites. Los usuarios pueden crear borradores de chat de duraci\u00f3n ilimitada, lo que puede provocar una denegaci\u00f3n de servicio al generar una carga excesiva en el servidor. Adem\u00e1s, se cargaba una cantidad ilimitada de borradores al cargar el usuario. Este problema se solucion\u00f3 en la versi\u00f3n 2.1.0.beta1 (beta) y (pruebas aprobadas). Los usuarios deben actualizar a la \u00faltima versi\u00f3n donde se haya introducido un l\u00edmite. No hay soluciones disponibles." 
} ], "id": "CVE-2023-22740", "lastModified": "2024-11-21T07:45:19.980", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-27T01:15:08.643", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], 
"source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:24
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.\n" }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Los atacantes con detalles espec\u00edficos de una encuesta en un tema pueden usar el endpoint `/polls/grouped_poll_results` para ver el contenido de las opciones en la encuesta y el n\u00famero de votos de los grupos de participantes de la encuesta. Esto afecta las encuestas privadas cuyos resultados estaban destinados a ser vistos \u00fanicamente por usuarios autorizados. Este problema se solucion\u00f3 en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. No existe ninguna workaround para este problema aparte de actualizar a la versi\u00f3n corregida." 
} ], "id": "CVE-2023-43814", "lastModified": "2024-11-21T08:24:49.860", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.317", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-284" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 20:15
Modified
2024-11-21 08:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | Exploit, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "F59F801F-E7B5-4F37-A2E8-6024AD6DD7B2", "versionEndIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. 
The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 3.1.1 de la rama `stable` y la versi\u00f3n 3.2.0.beta1 de las ramas `beta` y `tests-passed`, un usuario malintencionado pod\u00eda crear un n\u00famero ilimitado de borradores con claves de borrador muy largas que pod\u00edan finalizar agotar los recursos del servidor. El problema se solucion\u00f3 en la versi\u00f3n 3.1.1 de la rama \"estable\" y en la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds." } ], "id": "CVE-2023-38706", "lastModified": "2024-11-21T08:14:05.653", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T20:15:09.217", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 16:15
Modified
2024-11-21 08:14
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches." 
} ], "id": "CVE-2023-38685", "lastModified": "2024-11-21T08:14:03.030", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T16:15:12.613", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": 
"Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-20 21:15
Modified
2024-11-21 06:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
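Discourse is a platform for community discussion. In affected versions, any private message that includes a group had its title and participating user exposed to users who do not have access to the private message. However, access control for the private messages was not compromised: users could see the leaked private message in their inbox but were not able to view its posts. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. Note that the NVD record below bounds the affected range with a date (`versionEndExcluding` of `2021-09-14`) rather than a release number, so version-based matching may not identify an affected install; compare the deployed commit against the commits tagged "Patch" in the record's references instead.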
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "0517E24E-7DAB-4CA0-A5C1-D5BAD07AC781", "versionEndExcluding": "2021-09-14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n comunitaria. En las versiones afectadas, cualquier mensaje privado que incluya un grupo ten\u00eda su t\u00edtulo y el usuario participante expuestos a usuarios que no tienen acceso a los mensajes privados. Sin embargo, el control de acceso a los mensajes privados no estaba comprometido, ya que los usuarios no pod\u00edan visualizar los mensajes privados filtrados a pesar de verlos en su bandeja de entrada. El commit problem\u00e1tico fue revertido unos 32 minutos despu\u00e9s de su realizaci\u00f3n. 
Se recomienda a los usuarios que actualicen al \u00faltimo commit si est\u00e1n ejecutando Discourse con la rama \"tests-passed\"" } ], "id": "CVE-2021-41082", "lastModified": "2024-11-21T06:25:24.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-20T21:15:07.523", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b" }, { "source": 
"security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 20:15
Modified
2024-11-21 08:20
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads its assets into memory without enforcing limits on file size or number of files. The CVSS vectors listed above score this as an availability-only impact (C:N/I:N/A:H), which is consistent with memory exhaustion on the server during theme import. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B0080CEC-250E-46F7-8D64-BDE1EFC6B396", "versionEndExcluding": "3.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. 
The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 3.1.1 de la rama \"estable\" y la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"ests-passed\", la importaci\u00f3n de un tema remoto cargaba sus activos en la memoria sin imponer l\u00edmites de tama\u00f1o de archivo o n\u00famero de archivos. El problema se solucion\u00f3 en la versi\u00f3n 3.1.1 de la rama \"estable\" y en la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"ests-passed\". No se conocen workarounds." } ], "id": "CVE-2023-41042", "lastModified": "2024-11-21T08:20:26.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T20:15:10.293", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 15:15
Modified
2024-11-21 08:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts in which they've been quoted, by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they\u0027ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the \"bleeding\" by ensuring users only use alphanumeric characters in their full name field." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, si un usuario ha sido citado y usa un `|` en su nombre completo, podr\u00eda desencadenar un error que genere una gran cantidad de contenido duplicado en todas las publicaciones que han sido citados al actualizar su nombre completo nuevamente. 
La versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed` contienen un parche para este problema. No existe ning\u00fan workaround conocido, aunque se puede detener el \"sangrado\" asegur\u00e1ndose de que los usuarios s\u00f3lo utilicen caracteres alfanum\u00e9ricos en el campo de nombre completo." } ], "id": "CVE-2023-45806", "lastModified": "2024-11-21T08:27:23.527", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T15:15:08.440", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-01 20:15
Modified
2024-11-21 07:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE6A1B91-52FA-4FFE-96D0-DC25865E15FD", "versionEndIncluding": "2.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En las versiones afectadas puede abusarse de una ruta de activaci\u00f3n del correo electr\u00f3nico para enviar correos masivos de spam. 
Ha sido incluida una correcci\u00f3n en las \u00faltimas versiones estables, beta y de prueba de Discourse que limita los correos electr\u00f3nicos. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n limitar manualmente la tasa de los correos electr\u00f3nicos" } ], "id": "CVE-2022-31184", "lastModified": "2024-11-21T07:04:04.543", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-01T20:15:08.467", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-15 22:15
Modified
2024-11-21 06:25
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F4E4C94-85B8-496F-AD91-28CFA7D7189E", "versionEndIncluding": "2.7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." }, { "lang": "es", "value": "Discourse es una plataforma para el debate comunitario. En versiones afectadas, una petici\u00f3n maliciosamente dise\u00f1ada podr\u00eda causar una respuesta de error en la cach\u00e9 de los proxies intermedios. 
Esto podr\u00eda causar una p\u00e9rdida de confidencialidad para algunos contenidos. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse" } ], "id": "CVE-2021-41271", "lastModified": "2024-11-21T06:25:56.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-15T22:15:06.977", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-14 04:15
Modified
2024-11-21 06:20
Severity ?
Summary
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/Mesh3l911/Disource | Third Party Advisory | |
cve@mitre.org | https://github.com/discourse/discourse/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/Disource | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/releases | Release Notes, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "568E1103-5423-4BDB-896C-6B54A6000B91", "versionEndIncluding": "2.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1F608C5E-6B27-4DA0-BB2A-00A0DF1540A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms." }, { "lang": "es", "value": "En Discourse versiones 2.7.0 hasta beta1, una omisi\u00f3n del l\u00edmite de velocidad conlleva a una omisi\u00f3n del requisito de 2FA para determinadas formularios" } ], "id": "CVE-2021-3138", "lastModified": "2024-11-21T06:20:58.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-14T04:15:15.073", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/Disource" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/Disource" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 20:15
Modified
2024-11-21 07:44
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting enabled. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B45CE307-9D3B-4733-BEF2-862A06BE3B8E", "versionEndExcluding": "2.8.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the \"require moderator approval of all new topics\" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de fuentes de opciones. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 3.0.0.beta16 en las ramas `beta` y `tests-passed`, los t\u00edtulos de las publicaciones pendientes se pod\u00edan usar para ataques de cross-site scripting. Los usuarios sin privilegios pueden crear publicaciones pendientes cuando una categor\u00eda tiene configurada la configuraci\u00f3n \"requerir la aprobaci\u00f3n del moderador para todos los temas nuevos\". Esta vulnerabilidad puede provocar un XSS completo en sitios que han modificado o deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada de Discourse. Hay un parche disponible en las versiones 2.8.14 y 3.0.0.beta16." 
} ], "id": "CVE-2023-22454", "lastModified": "2024-11-21T07:44:50.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T20:15:18.900", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } 
], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-03 19:15
Modified
2024-11-21 09:19
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Policy (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8F15A89F-6283-4B24-801E-E415FF5A4272", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C", "versionEndExcluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users\u2019 browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama \"estable\" y la versi\u00f3n 3.3.0.beta3 en la rama \"pruebas aprobadas\", un atacante pod\u00eda ejecutar JavaScript arbitrario en los navegadores de los usuarios publicando una URL espec\u00edfica que conten\u00eda metaetiquetas creadas con fines malintencionados. Este problema solo afecta a sitios con la Pol\u00edtica de seguridad de contenido (CSP) deshabilitada. 
El problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta3 en la rama \"pruebas aprobadas\". Como workaround, aseg\u00farese de que CSP est\u00e9 habilitado en el foro." } ], "id": "CVE-2024-35234", "lastModified": "2024-11-21T09:19:59.373", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-03T19:15:04.123", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-13 22:15
Modified
2024-11-21 08:01
Severity ?
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "E76C733A-34C7-43E4-8472-38BB12B2A746", "versionEndExcluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "1C4CEDDE-1495-4C7B-850A-0DABC6C3A42F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose." 
} ], "id": "CVE-2023-31142", "lastModified": "2024-11-21T08:01:28.820", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-13T22:15:09.380", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 20:15
Modified
2024-11-21 06:29
Severity ?
Summary
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F845CD5-5BBB-4686-B459-F20DEC41748C", "versionEndExcluding": "2.7.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse" }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones afectadas, una vulnerabilidad en la funcionalidad Polls permit\u00eda a usuarios votar varias veces en una encuesta de una sola opci\u00f3n. 
El problema se ha parcheado en las \u00faltimas versiones de Discourse, tanto en fase beta como en versi\u00f3n estable" } ], "id": "CVE-2021-43793", "lastModified": "2024-11-21T06:29:48.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2021-12-01T20:15:08.587", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 19:15
Modified
2024-11-21 06:48
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "A387C9DC-A3A5-416B-A564-DBD4F345972B", "versionEndExcluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin\u0027s digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue." }, { "lang": "es", "value": "En la versi\u00f3n 2.9.0.beta14 de Discourse, una plataforma de discusi\u00f3n de c\u00f3digo abierto, las URL incrustadas maliciosamente pueden filtrar un resumen de temas recientes de un administrador, posiblemente exponiendo informaci\u00f3n privada. Hay un parche disponible para la versi\u00f3n 2.9.0.beta15. No se conocen workarounds para este problema." } ], "id": "CVE-2022-23546", "lastModified": "2024-11-21T06:48:47.160", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T19:15:09.327", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 19:15
Modified
2024-11-21 06:48
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with a raw body longer than the `max_length` site setting by including HTML comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 3.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C13BCBA-EF34-4F4B-9F4A-33392EB45196", "versionEndExcluding": "2.8.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "F62275F8-11E9-4D94-8F2E-F83905F65031", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de fuentes de opciones. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 2.9.0.beta16 en las ramas `beta` y `tests-passed`, los usuarios pod\u00edan crear publicaciones con un cuerpo sin formato m\u00e1s largo que la configuraci\u00f3n del sitio `max_length` al incluir html comentarios que no cuentan para el l\u00edmite de caracteres. Este problema se solucion\u00f3 en las versiones 2.8.14 y 2.9.0.beta16. No se conocen workarounds." 
} ], "id": "CVE-2022-23549", "lastModified": "2024-11-21T06:48:47.570", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T19:15:09.500", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" 
} ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 20:15
Modified
2024-11-21 06:29
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags and then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F845CD5-5BBB-4686-B459-F20DEC41748C", "versionEndExcluding": "2.7.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the \"Tags are visible only to the following groups\" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible." 
}, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones afectadas, una vulnerabilidad afecta a usuarios de grupos de etiquetas que usan la funcionalidad \"Tags are visible only to the following groups\". Un grupo de etiquetas puede permitir a s\u00f3lo un determinado grupo (por ejemplo, el personal) visualizar determinadas etiquetas. Los usuarios que segu\u00edan o visualizaban las etiquetas por medio de /preferences/tags, y luego les es revocada su condici\u00f3n de personal, seguir\u00e1n viendo las notificaciones relacionadas con la etiqueta, pero no ver\u00e1n la etiqueta en cada tema. Este problema ha sido parcheado en la versi\u00f3n estable 2.7.11. Se recomienda a usuarios que se actualicen lo antes posible" } ], "id": "CVE-2021-43792", "lastModified": "2024-11-21T06:29:47.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-01T20:15:08.433", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-07 21:15
Modified
2024-10-19 00:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as a proactive measure.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | Mitigation, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "16A670AB-8B0F-4866-9592-0B463C93175C", "versionEndExcluding": "3.3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "B70F4653-EB23-49AB-AF71-C39E5B6D5E5F", "versionEndExcluding": "3.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*", "matchCriteriaId": "BAB3A427-361B-4FC1-859D-D871B080DEE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "AF6D8860-8764-4EEF-9FDD-89FF932791A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users\u0027 browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Un atacante puede ejecutar c\u00f3digo JavaScript arbitrario en los navegadores de los usuarios enviando un mensaje de chat manipulado con fines malintencionados y respondi\u00e9ndolo. Este problema solo afecta a los sitios que tienen el CSP deshabilitado. Este problema est\u00e1 corregido en la \u00faltima versi\u00f3n de Discourse. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar la versi\u00f3n deben asegurarse de que el CSP est\u00e9 habilitado en el foro. 
Los usuarios que actualicen la versi\u00f3n tambi\u00e9n deben considerar habilitar un CSP, as\u00ed como una medida proactiva." } ], "id": "CVE-2024-47772", "lastModified": "2024-10-19T00:58:21.947", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-07T21:15:18.383", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-12 21:15
Modified
2024-11-21 08:54
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7", "versionEndExcluding": "3.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4." }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. Para los campos que el cliente puede editar, no se imponen l\u00edmites de tama\u00f1o. Esto permite que un actor malintencionado haga que una instancia de Discourse utilice espacio en disco excesivo y, a menudo, tambi\u00e9n ancho de banda excesivo. El problema est\u00e1 parcheado en 3.1.4 y 3.2.0.beta4." 
} ], "id": "CVE-2024-21655", "lastModified": "2024-11-21T08:54:48.830", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-12T21:15:11.510", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 21:15
Modified
2024-11-21 08:26
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields. [Note: the CPE match data in this record gives `versionEndIncluding` 3.1.1 for the `stable` branch, which marks 3.1.1 itself as affected and conflicts with the fixed version stated here; confirm the fixed release against the vendor advisory before relying on either value.]
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields." }, { "lang": "es", "value": "Discourse es una plataforma comunitaria de c\u00f3digo abierto. En las versiones afectadas, cualquier usuario puede crear un tema y agregar campos personalizados arbitrarios a un tema. La gravedad de esta vulnerabilidad depende de los complementos instalados y de c\u00f3mo los complementos utilizan los campos personalizados de temas. Para una instalaci\u00f3n predeterminada de Discourse con los complementos predeterminados, esta vulnerabilidad no tiene ning\u00fan impacto. El problema se solucion\u00f3 en la \u00faltima versi\u00f3n de Discourse. Se recomienda a los usuarios que actualicen a la versi\u00f3n 3.1.1 si est\u00e1n en la rama estable o 3.2.0.beta2 si est\u00e1n en la rama beta. Los usuarios que no puedan actualizar deben deshabilitar los complementos que accedan a los campos personalizados del tema." 
} ], "id": "CVE-2023-45147", "lastModified": "2024-11-21T08:26:26.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T21:15:11.433", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-02 17:15
Modified
2024-11-21 07:18
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the title of the topic associated with the user badge could be viewed by any user. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC8F74E-6BEF-4A8C-AF34-A0FC24A1EDFE", "versionEndExcluding": "2.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user\u0027s activity in a topic with restricted access. 
Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available." }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. Bajo ciertas condiciones, es posible que se haya otorgado una insignia de usuario en funci\u00f3n de la actividad de un usuario en un tema con acceso restringido. Antes de que se revelara esta vulnerabilidad, cualquier usuario pod\u00eda ver el t\u00edtulo del tema asociado con la insignia de usuario. Si hay informaci\u00f3n sensible en el t\u00edtulo del tema, por lo tanto habr\u00e1 sido expuesta. Este problema est\u00e1 solucionado en las \u00faltimas versiones estable, beta y de prueba de Discourse. Actualmente no hay workarounds conocidos disponibles." 
} ], "id": "CVE-2022-39378", "lastModified": "2024-11-21T07:18:10.270", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-02T17:15:17.623", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-29 13:15
Modified
2024-11-21 04:18
Severity ?
Summary
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4CD835-C559-4E72-92AE-346C3FF06EA7", "versionEndExcluding": "2.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9F56245D-A74A-4AEB-89F5-37787AEBB0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "105421C3-A5FC-4842-ADB9-632478E2A543", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP." }, { "lang": "es", "value": "Discourse en versiones anteriores a la 2.3.0 y 2.4.x en versiones anteriores a la 2.4.0.beta3, carece de una pantalla de confirmaci\u00f3n cuando se inicia sesi\u00f3n mediante un usuario de la api OTP." } ], "id": "CVE-2019-1020017", "lastModified": "2024-11-21T04:18:11.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", 
"version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-29T13:15:12.263", "references": [ { "source": "josh@bress.net", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "source": "josh@bress.net", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11" } ], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 20:15
Modified
2024-11-21 07:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B45CE307-9D3B-4733-BEF2-862A06BE3B8E", "versionEndExcluding": "2.8.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 3.0.0.beta16 en las ramas `beta` y `tests-passed`, la cantidad de veces que un usuario publicaba en un tema arbitrario estaba expuesta a usuarios no autorizados a trav\u00e9s del endpoint `/u/username.json`. El problema se solucion\u00f3 en las versiones 2.8.14 y 3.0.0.beta16. No se conoce ning\u00fan workaround." 
} ], "id": "CVE-2023-22453", "lastModified": "2024-11-21T07:44:50.127", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T20:15:18.743", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } 
], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 16:15
Modified
2024-11-21 08:12
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability." 
} ], "id": "CVE-2023-37906", "lastModified": "2024-11-21T08:12:26.440", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T16:15:11.947", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 20:15
Modified
2024-11-21 08:19
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B0080CEC-250E-46F7-8D64-BDE1EFC6B396", "versionEndExcluding": "3.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. 
Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 3.1.1 de la rama `stable` y la versi\u00f3n 3.2.0.beta1 de las ramas `beta` y `tests-passed`, un usuario malintencionado pod\u00eda agregar una 2FA o una clave de seguridad con un nombre cuidadosamente elaborado a su cuenta. y provocar una denegaci\u00f3n de servicio para otros usuarios. El problema se solucion\u00f3 en la versi\u00f3n 3.1.1 de la rama \"estable\" y en la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"ests-passed\". No se conocen workarounds." } ], "id": "CVE-2023-40588", "lastModified": "2024-11-21T08:19:46.417", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 
3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T20:15:10.083", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 17:15
Modified
2024-11-21 07:54
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse, version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse\u0027s server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "id": "CVE-2023-28111", "lastModified": "2024-11-21T07:54:25.660", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T17:15:11.613", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-14 22:15
Modified
2024-11-21 06:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9653E97-F0B1-4559-AF43-F202A84403D2", "versionEndExcluding": "2.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para la discusi\u00f3n comunitaria. En las versiones afectadas, un atacante puede envenenar la cach\u00e9 para usuarios an\u00f3nimos (es decir, que no han iniciado sesi\u00f3n), de tal manera que a usuarios les es mostrado la vista del rastreador del sitio en lugar de la p\u00e1gina HTML. Esto puede conllevar a una denegaci\u00f3n de servicio parcial. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse. 
No se presentan medidas de mitigaci\u00f3n conocidas para este problema" } ], "id": "CVE-2022-24824", "lastModified": "2024-11-21T06:51:10.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-14T22:15:07.827", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e" }, { "source": "security-advisories@github.com", "tags": [ "Third Party 
Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-829" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-18 22:15
Modified
2024-11-21 07:56
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the Content Security Policy (CSP) to be executed. However, if an attacker succeeds in embedding JavaScript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore their site's CSP to the default one provided with Discourse. They should also remove any embeddable hosts configured.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "35B2683D-D670-4F47-90D9-D18AF3BFC9A8", "versionEndExcluding": "3.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker\u2019s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker\u2019s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site\u0027s CSP to the default one provided with Discourse. Remove any embed-able hosts configured." 
} ], "id": "CVE-2023-29196", "lastModified": "2024-11-21T07:56:41.713", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-18T22:15:07.990", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-04 01:15
Modified
2024-11-21 07:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3608D4A-04A7-4EA4-B4CF-EDF6E2AB7E97", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches \u003e= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse." } ], "id": "CVE-2023-25819", "lastModified": "2024-11-21T07:50:15.840", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2023-03-04T01:15:10.227", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-359" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-07 21:15
Modified
2024-10-19 01:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "F0E106D0-FFF5-4403-AEB9-D17876E0FE79", "versionEndExcluding": "3.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "2203A583-403B-4483-860A-460F22B9671E", "versionEndIncluding": "3.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*", "matchCriteriaId": "BAB3A427-361B-4FC1-859D-D871B080DEE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Un usuario puede crear una publicaci\u00f3n con muchas respuestas y luego intentar obtenerlas todas a la vez. Esto puede reducir potencialmente la disponibilidad de una instancia de Discourse. Este problema se ha corregido en la \u00faltima versi\u00f3n de Discourse. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad." 
} ], "id": "CVE-2024-43789", "lastModified": "2024-10-19T01:13:38.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-07T21:15:16.710", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-14 17:15
Modified
2024-11-21 06:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and its members' visibility set to public as well. However, a group's visibility and its members' visibility can be configured so that they are restricted to logged-in users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group's visibility level or its members' visibility level. As such, a group with restricted visibility or restricted members' visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 of Discourse. There are no workarounds aside from upgrading.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "90644EF6-8581-4711-A415-1886D3199768", "versionEndIncluding": "2.7.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "7A24507D-6D4B-4992-BCFE-232AF3BFCC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group\u0027s members visibility set to public as well. However, a group\u0027s visibility and the group\u0027s members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group\u0027s visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Los grupos de Discourse pueden ser configurados con diferentes niveles de visibilidad para el grupo as\u00ed como para los miembros del grupo. Por defecto, un grupo reci\u00e9n creado presenta su visibilidad establecida como p\u00fablica y la de los miembros del grupo tambi\u00e9n. Sin embargo, la visibilidad de un grupo y la de sus miembros puede configurarse de forma que restrinja a usuarios conectados, a los miembros del grupo o a usuarios del personal. Se ha detectado una vulnerabilidad en las versiones anteriores a la 2.7.13 y 2.8.0.beta11 en la que la opci\u00f3n de b\u00fasqueda avanzada de grupos no respeta el nivel de visibilidad del grupo y de los miembros. De este modo, un grupo con visibilidad restringida o con visibilidad de miembros puede ser revelado mediante una b\u00fasqueda con la opci\u00f3n de b\u00fasqueda correcta. 
Este problema est\u00e1 parcheado en las versiones \"stable\" 2.7.13, \"beta\" 2.8.0.beta11 y \"tests-passed\" 2.8.0.beta11 de Discourse. No se presentan medidas de mitigaci\u00f3n adicionales aparte de la actualizaci\u00f3n" } ], "id": "CVE-2022-21677", "lastModified": "2024-11-21T06:45:12.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-14T17:15:13.153", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-18 22:15
Modified
2024-11-21 08:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handling of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default; by default Discourse doesn't enable SVG uploads by users). Because "latest" is relative to the advisory date, use the CPE configuration under Impacted products to check a deployment: it marks `stable` releases up to and including 3.0.2 and `beta` releases through 3.1.0.beta3 as vulnerable.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43 | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43 | Mitigation, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "00B6C4A7-D922-42E9-9E83-4FF77564982E", "versionEndIncluding": "3.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users\u2019 browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn\u0027t enable SVG uploads by users). 
" } ], "id": "CVE-2023-30538", "lastModified": "2024-11-21T08:00:22.817", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-18T22:15:08.130", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-28 16:15
Modified
2024-11-21 08:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. 
There are no known workarounds for this vulnerability." } ], "id": "CVE-2023-38684", "lastModified": "2024-11-21T08:14:02.853", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-28T16:15:12.290", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], 
"source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-30 15:15
Modified
2024-11-21 09:27
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. In versions prior to 3.2.5 and 3.3.0.beta5, a vulnerability allows an attacker to inject iframes from any domain, bypassing the restrictions that the allowed_iframes setting is intended to enforce. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "1E60FC27-D34F-462D-97E0-9B0A3A2D5CFD", "versionEndExcluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "5C2ABCC5-86B0-4CFF-AB99-BAC4D5CD94C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "F43AEDD5-616E-4ADF-BA3E-8B1537A7CDE7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5." }, { "lang": "es", "value": " Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de 3.2.5 y 3.3.0.beta5, la vulnerabilidad permit\u00eda a un atacante inyectar iframes desde cualquier dominio, evitando las restricciones previstas impuestas por la configuraci\u00f3n de Allow_iframes. Esta vulnerabilidad se solucion\u00f3 en 3.2.5 y 3.3.0.beta5." 
} ], "id": "CVE-2024-39320", "lastModified": "2024-11-21T09:27:27.230", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-30T15:15:12.180", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" }, { "lang": "en", "value": "CWE-1021" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-1021" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 16:15
Modified
2024-11-21 08:29
Severity ?
3.4 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N (source: security-advisories@github.com, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery (SSRF). The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, la caracter\u00edstica de incrustaci\u00f3n es susceptible a Server-Side Request Forgery. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". Como workaround, desactive la funci\u00f3n Embedding." 
} ], "id": "CVE-2023-47121", "lastModified": "2024-11-21T08:29:49.280", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T16:15:33.663", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-15 21:15
Modified
2024-11-21 06:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an infinite loop, which causes memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox completely in the admin panel or specify an allow list of domains that will be oneboxed.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/15927 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/15927 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv | Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30E662C-449F-46D7-BB7B-6DF48073B795", "versionEndExcluding": "2.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones anteriores a 2.8.1 en la rama \"stable\", versi\u00f3n 2.9.0.beta2 en la rama \"beta\" y versi\u00f3n 2.9.0.beta2 en la rama \"tests-passed\", los usuarios pueden desencadenar un ataque de Denegaci\u00f3n de Servicio al publicar una URL en streaming. El an\u00e1lisis de Oneboxes en el trabajo de fondo desencadena un bucle infinito, que causa p\u00e9rdidas de memoria. Este problema est\u00e1 parcheado en versi\u00f3n 2.8.1 de la rama \"stable\", en versi\u00f3n 2.9.0.beta2 de la rama \"beta\" y en versi\u00f3n 2.9.0.beta2 de la rama \"tests-passed\". 
Como medida de mitigaci\u00f3n, deshabilite por completo el onebox en el panel de administraci\u00f3n o especifique la lista de dominios permitidos para el oneboxing" } ], "id": "CVE-2022-23641", "lastModified": "2024-11-21T06:48:59.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-15T21:15:07.657", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/15927" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/15927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-14 22:15
Modified
2024-11-21 08:09
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source discussion platform. When editing a topic, a vulnerability enables a user to bypass topic title validations such as title length, the number of emojis in the title, and blank topic titles. The issue is patched in the latest stable, beta and tests-passed versions of Discourse; "latest" is relative to the advisory's publication date, and the CPE data below marks `stable` releases before 3.0.5 as vulnerable.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "DAC6A45A-C0D4-4135-9159-684D055A89D0", "versionEndExcluding": "3.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. 
The issue is patched in the latest stable, beta and tests-passed version of Discourse.\n" } ], "id": "CVE-2023-36466", "lastModified": "2024-11-21T08:09:46.173", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-14T22:15:09.170", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-26 21:18
Modified
2024-11-21 07:45
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "906007C2-9CCA-4A7B-BD04-57DCC3675FC9", "versionEndExcluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Las versiones anteriores a 3.0.1 (estable), 3.1.0.beta2 (beta) y 3.1.0.beta2 (pruebas aprobadas) est\u00e1n sujetas a la asignaci\u00f3n de recursos sin l\u00edmites ni limitaciones. Como no hay l\u00edmite para los datos contenidos en un borrador, un usuario malintencionado puede crear un borrador arbitrariamente grande, lo que obliga a rastrear la instancia. Este problema se solucion\u00f3 en las versiones 3.0.1 (estable), 3.1.0.beta2 (beta) y 3.1.0.beta2 (pruebas aprobadas). No hay soluciones." 
} ], "id": "CVE-2023-22739", "lastModified": "2024-11-21T07:45:19.863", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-26T21:18:13.257", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-08 20:15
Modified
2024-11-21 07:49
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "906007C2-9CCA-4A7B-BD04-57DCC3675FC9", "versionEndExcluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue." } ], "id": "CVE-2023-25167", "lastModified": "2024-11-21T07:49:14.367", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-08T20:15:25.100", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" 
], "url": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 15:15
Modified
2024-11-21 08:29
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, algunos enlaces pueden inyectar etiquetas HTML arbitrarias cuando se procesan a trav\u00e9s de nuestro motor Onebox. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds." 
} ], "id": "CVE-2023-47119", "lastModified": "2024-11-21T08:29:49.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T15:15:09.077", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-29 14:15
Modified
2024-11-21 04:18
Severity
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
References
Source | URL | Tags | |
---|---|---|---|
josh@bress.net | https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade | Patch, Third Party Advisory | |
josh@bress.net | https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4CD835-C559-4E72-92AE-346C3FF06EA7", "versionEndExcluding": "2.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9F56245D-A74A-4AEB-89F5-37787AEBB0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "105421C3-A5FC-4842-ADB9-632478E2A543", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link." }, { "lang": "es", "value": "Discourse en versiones anteriores a la 2.3.0 y 2.4.x en versiones anteriores a la 2.4.0.beta3 carece de una pantalla de confirmaci\u00f3n cuando se inicia sesi\u00f3n mediante un enlace de correo electr\u00f3nico." } ], "id": "CVE-2019-1020018", "lastModified": "2024-11-21T04:18:12.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-29T14:15:11.257", "references": [ { "source": "josh@bress.net", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade" }, { "source": "josh@bress.net", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" } ], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:15
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic, such as the last read post number and the notification level, is exposed.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A85C6E2-A78D-47B2-AE03-A12AE6A2E8BD", "versionEndExcluding": "2.7.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user\u0027s read state for a topic such as the last read post number and the notification level is exposed." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En Discourse versiones anteriores a 2.7.8 y 2.8.0.beta5, el estado de lectura de un usuario para un tema, como el n\u00famero de la \u00faltima publicaci\u00f3n le\u00edda y el nivel de notificaci\u00f3n, est\u00e1 expuesto." 
} ], "id": "CVE-2021-37703", "lastModified": "2024-11-21T06:15:44.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-13T16:15:07.827", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-17 17:15
Modified
2024-11-21 07:54
Severity
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged in as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "618BD7ED-B602-46C3-AFDA-55544B4E6264", "versionEndIncluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E", "versionEndExcluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "id": "CVE-2023-28107", "lastModified": "2024-11-21T07:54:25.113", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-17T17:15:11.517", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20700" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20701" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/pull/20701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-29 18:15
Modified
2024-11-21 07:30
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "140D3326-21AC-459D-8196-E17C9046AE3E", "versionEndExcluding": "2.8.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": 
"B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 2.8.13 de la rama `stable` y la versi\u00f3n 2.9.0.beta14 de las ramas `beta` y `tests-passed`, los usuarios no autorizados pod\u00edan enterarse de la existencia de etiquetas ocultas y de que se hab\u00edan aplicado a temas a los que tienen acceso. Este problema se solucion\u00f3 en la versi\u00f3n 2.8.13 de la rama \"stable\" y en la versi\u00f3n 2.9.0.beta14 de las ramas \"beta\" y \"tests-passed\". Como workaround, utilice la configuraci\u00f3n del sitio `disable_email` para desactivar todos los correos electr\u00f3nicos dirigidos a usuarios que no pertenecen al personal." 
} ], "id": "CVE-2022-46150", "lastModified": "2024-11-21T07:30:12.553", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-29T18:15:10.467", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], 
"source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-30 22:15
Modified
2024-11-21 08:58
Severity
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to a cross-site scripting (XSS) vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy (CSP). The vulnerability is patched in 3.1.5 (`stable` branch) and 3.2.0.beta5 (`beta` branch). As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "64C82627-1660-4628-8F03-A8D148EACDA1", "versionEndExcluding": "3.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "84DF2347-8189-4983-BD23-3E43050C6795", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. La entrada del usuario mal sanitizada podr\u00eda provocar una vulnerabilidad XSS en algunas situaciones. Esta vulnerabilidad solo afecta a las instancias de Discourse que han deshabilitado la Pol\u00edtica de seguridad de contenido predeterminada. La vulnerabilidad est\u00e1 parcheada en 3.1.5 y 3.2.0.beta5. 
Como workaround, aseg\u00farese de que la Pol\u00edtica de seguridad de contenido est\u00e9 habilitada y no incluya \"unsafe-inline\"." } ], "id": "CVE-2024-23834", "lastModified": "2024-11-21T08:58:31.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-30T22:15:53.307", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc" }, { "source": "security-advisories@github.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094" }, { "source": "security-advisories@github.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-13 21:15
Modified
2024-11-21 08:09
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches; the summary names no fixed version, and the CPE data in this record marks `stable` releases before 3.0.5 as vulnerable.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "DAC6A45A-C0D4-4135-9159-684D055A89D0", "versionEndExcluding": "3.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. 
The vulnerability is patched in the latest tests-passed, beta and stable branches.\n" } ], "id": "CVE-2023-36473", "lastModified": "2024-11-21T08:09:47.103", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-13T21:15:08.957", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
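Discourse is an open source platform for community discussion. User summaries are accessible to anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. Note: the CPE match data for this record uses `versionEndIncluding` 3.1.1 on the `stable` branch, which marks 3.1.1 itself as affected even though the description names it as the patched release; confirm the fixed version against the vendor advisory before relying on CPE-based scanner results.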
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Los res\u00famenes de usuario son accesibles para usuarios an\u00f3nimos incluso cuando \"hide_user_profiles_from_public\" est\u00e1 habilitado. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." 
} ], "id": "CVE-2023-44391", "lastModified": "2024-11-21T08:25:48.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.477", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/17071 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/17071 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "33A8F935-CC56-40AD-ADA9-C13AB1B1371A", "versionEndExcluding": "2.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a 2.8.4 en la rama \"stable\" y la versi\u00f3n \"2.9.0.beta5\" en las ramas \"beta\" y \"tests-passed\", los datos de los temas de los banners est\u00e1n expuestos en los sitios que requieren inicio de sesi\u00f3n. Este problema ha sido corregido en versi\u00f3n 2.8.4 de la rama \"stable\" y en la versi\u00f3n \"2.9.0.beta5\" de las ramas \"beta\" y \"tests-passed\" de Discourse. 
Como mitigaci\u00f3n, pueden deshabllitarse los banners" } ], "id": "CVE-2022-31060", "lastModified": "2024-11-21T07:03:48.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-14T21:15:16.317", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party 
Advisory" ], "url": "https://github.com/discourse/discourse/pull/17071" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/17071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-05 19:15
Modified
2024-11-21 06:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "131D6FC3-2C60-4524-9B4E-F8316312A606", "versionEndExcluding": "2.7.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "7A24507D-6D4B-4992-BCFE-232AF3BFCC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. 
In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para la discusi\u00f3n comunitaria. En las versiones afectadas, cuando es redactado un mensaje desde un tema, las sugerencias del usuario compositor revelan a los participantes que susurran. El problema ha sido parcheado en la versi\u00f3n estable 2.7.13 y en la versi\u00f3n beta 2.8.0.beta11. No se presentan medidas de mitigaci\u00f3n adicionales para este problema y se recomienda a usuarios que actualicen\n" } ], "id": "CVE-2022-21642", "lastModified": "2024-11-21T06:45:08.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-05T19:15:09.053", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-15 21:15
Modified
2024-11-21 06:07
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
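Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. Note: on the 2.8.0 pre-release line the CPE match data for this record enumerates only 2.8.0 beta1, so an install on 2.8.0.beta2 may not be flagged by CPE-based matching even though the fix is stated to land in 2.8.0.beta3; compare the installed version with the patched versions directly.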
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE17BE6D-684F-4D02-BD74-A5527DC5075E", "versionEndIncluding": "2.7.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En Discourse versiones 2.7.5 y anteriores, el an\u00e1lisis y la renderizaci\u00f3n de los Oneboxes de YouTube pueden ser susceptibles a ataques de tipo XSS. Esta vulnerabilidad s\u00f3lo afecta a los sitios que han modificado o desactivado la pol\u00edtica de seguridad de contenidos predeterminada de Discourse. El problema est\u00e1 parcheado en versiones \"estable\" 2.7.6, \"beta\" 2.8.0.beta3 y \"tests-passed\" 2.8.0.beta3. 
Como soluci\u00f3n, aseg\u00farese de que la pol\u00edtica de seguridad de contenidos est\u00e1 activada y no ha sido modificada de manera que sea m\u00e1s vulnerable a ataques de tipo XSS" } ], "id": "CVE-2021-32764", "lastModified": "2024-11-21T06:07:41.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-15T21:15:09.373", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-12 21:15
Modified
2024-11-21 08:32
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7", "versionEndExcluding": "3.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4." }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. En circunstancias muy espec\u00edficas, los usuarios invitados pueden acceder a las URL de carga segura asociadas con las publicaciones incluso cuando se requiere iniciar sesi\u00f3n. Esta vulnerabilidad ha sido parcheada en 3.2.0.beta4 y 3.1.4." 
} ], "id": "CVE-2023-49099", "lastModified": "2024-11-21T08:32:49.280", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-12T21:15:09.747", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security-advisories@github.com", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-16 21:15
Modified
2024-11-21 07:47
Severity
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
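Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any user can technically poll a sensitive tag to determine whether a new personal message has been created, even if the user does not have access to that personal message. Note that the CPE configuration listed under "Impacted products" marks `stable` releases as affected only up to, but excluding, 3.0.1 (`versionEndExcluding`), which differs from the "3.0.1 and prior" wording here; confirm the fixed release against the vendor's advisory before relying on either.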
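In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting. Enabling that setting restores the count disclosure described above, so it is best left disabled on sites where tags applied to personal messages are sensitive.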
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": 
"940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": 
"01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", 
"matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message.\n\nIn the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting." 
} ], "id": "CVE-2023-23935", "lastModified": "2024-11-21T07:47:08.080", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-16T21:15:13.183", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": 
"Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-02 17:15
Modified
2024-11-21 07:18
Severity ?
8.9 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version; the impacted-products data for this entry lists versions before 2.8.10 and 2.9.0 beta1 through beta10 as affected. As a workaround, temporarily disable invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/pull/18817 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/18817 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B12D112-6E19-48E4-92C4-0719F6719929", "versionEndExcluding": "2.8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. 
Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user\u0027s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses." }, { "lang": "es", "value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. Los usuarios que reciben un enlace de invitaci\u00f3n que no est\u00e1 dirigido a una \u00fanica direcci\u00f3n de correo electr\u00f3nico pueden ingresar el correo electr\u00f3nico de cualquier usuario que no sea administrador y obtener acceso a su cuenta al aceptar la invitaci\u00f3n. Todos los usuarios deben actualizar a la \u00faltima versi\u00f3n. Un workaround alternativo es deshabilitar temporalmente las invitaciones con `SiteSetting.max_invites_per_day = 0` o limitarlas a direcciones de correo electr\u00f3nico individuales." 
} ], "id": "CVE-2022-39356", "lastModified": "2024-11-21T07:18:06.413", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-02T17:15:17.520", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18817" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/18817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 18:15
Modified
2024-11-21 07:30
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/pull/19724 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/19724 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 3.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C13BCBA-EF34-4F4B-9F4A-33392EB45196", "versionEndExcluding": "2.8.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "F62275F8-11E9-4D94-8F2E-F83905F65031", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another\u0027s email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC\u0027d on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de fuentes de opciones. Antes de la versi\u00f3n 2.8.14 en la rama \"estable\" y la versi\u00f3n 2.9.0.beta15 en las ramas \"beta\" y \"pruebas aprobadas\", los destinatarios de un correo electr\u00f3nico SMTP grupal pod\u00edan ver las direcciones de correo electr\u00f3nico de todos los dem\u00e1s usuarios dentro del grupo. Tema SMTP. La mayor\u00eda de las veces esto no es un problema ya que probablemente ya est\u00e9n familiarizados con las direcciones de correo electr\u00f3nico de los dem\u00e1s. Este problema se solucion\u00f3 en las versiones 2.8.14 y 2.9.0.beta15. 
La soluci\u00f3n es que alguien que env\u00eda correos electr\u00f3nicos a trav\u00e9s de SMTP grupal a usuarios no preparados enmascara esos correos electr\u00f3nicos con copia oculta (blind carbon copy, BCC). Los usuarios preparados son aquellos que probablemente solo han interactuado con el grupo a trav\u00e9s de correo electr\u00f3nico y probablemente incluir\u00e1n a otras personas que recibieron CC en el correo electr\u00f3nico original del grupo. Como workaround, deshabilite el SMTP de grupo para cualquier grupo que lo tenga habilitado." } ], "id": "CVE-2022-46168", "lastModified": "2024-11-21T07:30:14.850", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T18:15:08.950", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/19724" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/19724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-359" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-10 15:15
Modified
2024-11-21 08:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected; only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C", "versionEndExcluding": "3.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. " }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", algunos componentes del tema permit\u00edan a los usuarios agregar archivos svg con atributos de \"height\" ilimitados, y esto puede afectar la disponibilidad de respuestas posteriores en un tema. 
La mayor\u00eda de las instancias de Discourse no se ven afectadas, solo las instancias con el componente de tema svgbob o sirena est\u00e1n dentro del alcance. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". Como workaround, deshabilite o elimine los componentes relevantes del tema." } ], "id": "CVE-2023-46130", "lastModified": "2024-11-21T08:27:56.590", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-10T15:15:08.870", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-13 18:15
Modified
2024-11-21 06:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 | |
discourse | discourse | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "131D6FC3-2C60-4524-9B4E-F8316312A606", "versionEndExcluding": "2.7.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "7A24507D-6D4B-4992-BCFE-232AF3BFCC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `\u003cmeta\u003e` tags on their users\u0027 pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse." }, { "lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En versiones anteriores a 2.8.0.beta11 en la rama \"tests-passed\", la versi\u00f3n 2.8.0.beta11 en la rama \"beta\", y la versi\u00f3n 2.7.13 en la rama \"stable\", las biograf\u00edas de los usuarios que hac\u00edan sus perfiles privados segu\u00edan siendo visibles en las etiquetas \"(meta)\" de sus p\u00e1ginas de usuario. El problema est\u00e1 parcheado en la versi\u00f3n 2.8.0.beta11 de \"tests-passed\", la versi\u00f3n 2.8.0.beta11 de \"beta\" y la versi\u00f3n 2.7.13 de \"stable\" de Discourse" } ], "id": "CVE-2022-21678", "lastModified": "2024-11-21T06:45:12.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-13T18:15:08.233", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } 
], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 20:15
Modified
2024-11-21 07:30
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests a password reset link email and then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email is re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is, however, mitigated by the SiteSetting `email_token_valid_hours`, which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. (Note: this sentence names 3.0.0.beta15, while the opening sentence gives 3.0.0.beta16 as the first fixed beta and the impacted-products list below marks 3.0.0:beta15 as vulnerable; confirm the fixed version against the upstream advisory before relying on it.) As a workaround, lower `email_token_valid_hours` as needed.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "B45CE307-9D3B-4733-BEF2-862A06BE3B8E", "versionEndExcluding": "2.8.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests a password reset link email and then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account\u0027s primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is, however, mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours` as needed." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 3.0.0.beta16 en las ramas `beta` y `tests-passed`, cuando un usuario solicita un correo electr\u00f3nico con un enlace para restablecer su contrase\u00f1a y luego cambia su correo electr\u00f3nico principal, el antiguo correo electr\u00f3nico de restablecimiento sigue siendo v\u00e1lido. Cuando se utiliza el correo electr\u00f3nico de restablecimiento anterior para restablecer la contrase\u00f1a, el correo electr\u00f3nico principal de la cuenta de Discourse se volver\u00e1 a vincular al correo electr\u00f3nico anterior. 
Si la antigua direcci\u00f3n de correo electr\u00f3nico est\u00e1 comprometida o ha transferido la propiedad, esto conduce a una apropiaci\u00f3n de la cuenta. Sin embargo, esto se mitiga con SiteSetting `email_token_valid_hours`, que actualmente es de 48 horas. Los usuarios deben actualizar a las versiones 2.8.14 o 3.0.0.beta15 para recibir un parche. Como workaround, reduzca `email_token_valid_hours ` seg\u00fan sea necesario." } ], "id": "CVE-2022-46177", "lastModified": "2024-11-21T07:30:16.043", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T20:15:18.587", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38" }, { "source": "security-advisories@github.com", "tags": [ "Third Party 
Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-28 00:15
Modified
2024-11-21 07:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/pull/20004 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/20004 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "C19D7945-EB52-43C0-B9B7-8C250FEDC451", "versionEndExcluding": "3.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": 
"4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": 
"BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", 
"matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": 
"155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", 
"matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": 
"F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.0.1 en la rama \"stable\" y 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\", usuarios no autorizados pod\u00edan acceder al contenido de las rutas m\u00e1s recientes/principales para etiquetas restringidas. Este problema se solucion\u00f3 en la versi\u00f3n 3.0.1 en la rama \"stable\" y en la 3.1.0.beta2 en las ramas \"beta\" y \"tests-passed\". No se conocen workarounds." 
} ], "id": "CVE-2023-23620", "lastModified": "2024-11-21T07:46:32.943", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-28T00:15:09.270", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-07 21:15
Modified
2024-10-19 01:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "16A670AB-8B0F-4866-9592-0B463C93175C", "versionEndExcluding": "3.3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "B70F4653-EB23-49AB-AF71-C39E5B6D5E5F", "versionEndExcluding": "3.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*", "matchCriteriaId": "BAB3A427-361B-4FC1-859D-D871B080DEE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "AF6D8860-8764-4EEF-9FDD-89FF932791A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Los usuarios pueden ver temas con una etiqueta oculta si conocen la etiqueta o el nombre de esa etiqueta. Este problema se ha corregido en la \u00faltima versi\u00f3n estable, beta y de pruebas aprobadas de Discourse. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." 
} ], "id": "CVE-2024-45297", "lastModified": "2024-10-19T01:06:04.160", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-07T21:15:17.870", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-07 15:15
Modified
2024-11-21 07:03
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0.beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "33A8F935-CC56-40AD-ADA9-C13AB1B1371A", "versionEndExcluding": "2.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. En versiones anteriores a 2.8.4 en la rama \"stable\" y de la 2.9.0beta5 en las ramas \"beta\" y \"tests-passed\", invitar a usuarios en sitios que usan el inicio de sesi\u00f3n \u00fanico pod\u00eda omitir la comprobaci\u00f3n \"must_approve_users\" y las invitaciones del personal siempre son aprobadas autom\u00e1ticamente. 
El problema est\u00e1 parcheado en la versi\u00f3n 2.8.4 de Discourse en la rama \"stable\" y en versi\u00f3n \"2.9.0.beta5\" en las ramas \"beta\" y \"tests-passed\". Como mitigaci\u00f3n, deshabilite las invitaciones o aumente \"min_trust_level_to_allow_invite\" para reducir la superficie de ataque a los usuarios de mayor confianza" } ], "id": "CVE-2022-31025", "lastModified": "2024-11-21T07:03:44.273", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-07T15:15:09.877", 
"references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16974" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16984" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/16984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-03 20:15
Modified
2024-11-21 09:21
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a user's email address even when the "Allow moderators to view email addresses" setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue, or disable both the "approve suspect users" site setting and the "must approve users" site setting to prevent users from being added to the review queue.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8F15A89F-6283-4B24-801E-E415FF5A4272", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "matchCriteriaId": "4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C", "versionEndExcluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "4FE1C6B5-D21B-46CC-A889-EECE10A7130A", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "51C031F6-729E-4560-B33D-382177F2DB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "5C2ABCC5-86B0-4CFF-AB99-BAC4D5CD94C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. 
Antes de la versi\u00f3n 3.2.3 en la rama \"estable\" y la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\", los moderadores que usaban la cola de revisi\u00f3n para revisar a los usuarios pod\u00edan ver la direcci\u00f3n de correo electr\u00f3nico de un usuario incluso cuando la opci\u00f3n Permitir Los moderadores para ver las direcciones de correo electr\u00f3nico est\u00e1n deshabilitados. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\". Como posibles workarounds, impida que los moderadores accedan a la cola de revisi\u00f3n o deshabilite la configuraci\u00f3n del sitio para aprobar usuarios sospechosos y la configuraci\u00f3n del sitio para aprobar a los usuarios para evitar que se agreguen usuarios a la cola de revisi\u00f3n." } ], "id": "CVE-2024-36122", "lastModified": "2024-11-21T09:21:40.070", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-03T20:15:04.243", "references": [ { "source": 
"security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:24
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.\n" }, { "lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. El escape inadecuado de la entrada del usuario permiti\u00f3 ataques de Cross-Site Scripting a trav\u00e9s de la interfaz de usuario de vista previa del resumen del correo electr\u00f3nico. Este problema s\u00f3lo afecta a sitios con CSP deshabilitado. Este problema se solucion\u00f3 en la versi\u00f3n 3.1.1 stable y en la versi\u00f3n 3.2.0.beta1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben asegurarse de que CSP est\u00e9 habilitado en el foro." 
} ], "id": "CVE-2023-43659", "lastModified": "2024-11-21T08:24:33.860", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.237", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-05 19:15
Modified
2024-11-21 06:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/discourse/discourse/pull/19737 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/pull/19737 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
discourse | discourse | * | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 2.9.0 | |
discourse | discourse | 3.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C13BCBA-EF34-4F4B-9F4A-33392EB45196", "versionEndExcluding": "2.8.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "F62275F8-11E9-4D94-8F2E-F83905F65031", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." }, { "lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de fuentes de opciones. Antes de la versi\u00f3n 2.8.14 en la rama `stable` y la versi\u00f3n 2.9.0.beta16 en las ramas `beta` y `tests-passed`, el an\u00e1lisis de publicaciones puede ser susceptible a ataques de denegaci\u00f3n de servicio (ReDoS) de expresi\u00f3n regular. Este problema se solucion\u00f3 en las versiones 2.8.14 y 2.9.0.beta16. No se conocen workarounds." 
} ], "id": "CVE-2022-23548", "lastModified": "2024-11-21T06:48:47.437", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-05T19:15:09.423", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/19737" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/pull/19737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { 
"description": [ { "lang": "en", "value": "CWE-1333" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-25167
Vulnerability from cvelistv5
Published
2023-02-08 19:31
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. The CVE record below lists the affected versions as `< 3.0.1` and `>= 3.1.0.beta, < 3.1.0.beta2`.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:35.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w" }, { "name": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.1" }, { "status": "affected", "version": "\u003e= 3.1.0.beta, \u003c 3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T19:31:59.994Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w" }, { "name": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd" } ], "source": { "advisory": "GHSA-4w55-w26q-r35w", "discovery": "UNKNOWN" }, "title": "Regular expression denial of service via installing themes via git in discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25167", "datePublished": "2023-02-08T19:31:59.994Z", "dateReserved": "2023-02-03T16:59:18.246Z", "dateUpdated": "2024-08-02T11:18:35.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23621
Vulnerability from cvelistv5
Published
2023-01-27 23:31
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/20002 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv" }, { "name": "https://github.com/discourse/discourse/pull/20002", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20002" }, { "name": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.1" }, { "status": "affected", "version": "= 3.1.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-27T23:31:05.923Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv" }, { "name": "https://github.com/discourse/discourse/pull/20002", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20002" }, { "name": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458" } ], "source": { "advisory": "GHSA-mrfp-54hf-jrcv", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to ReDoS in user agent parsing" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23621", "datePublished": "2023-01-27T23:31:05.923Z", "dateReserved": "2023-01-16T17:07:46.243Z", "dateUpdated": "2024-08-02T10:35:33.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34250
Vulnerability from cvelistv5
Published
2023-06-13 21:41
Modified
2025-01-02 21:08
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:54.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34250", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-02T21:07:51.077698Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-02T21:08:05.472Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.4" }, { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn\u0027t have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T21:41:29.652Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg" } ], "source": { "advisory": "GHSA-q8m5-wmjr-3ppg", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to exposure of number of topics recently created in private categories" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34250", "datePublished": "2023-06-13T21:41:29.652Z", "dateReserved": "2023-05-31T13:51:51.174Z", "dateUpdated": "2025-01-02T21:08:05.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-23023
Vulnerability from cvelistv5
Published
2025-02-04 20:48
Modified
2025-02-12 14:02
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. The CVE record below lists the affected versions as `stable: < 3.3.2` and `tests-passed: < 3.4.0.beta3`.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-5h4h-2f46-r3c7 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23023", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T14:02:26.215136Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T14:02:29.566Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "tests-passed: \u003c 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T20:48:53.343Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5h4h-2f46-r3c7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5h4h-2f46-r3c7" } ], "source": { "advisory": "GHSA-5h4h-2f46-r3c7", "discovery": "UNKNOWN" }, "title": "Anonymous cache poisoning via request headers in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-23023", "datePublished": "2025-02-04T20:48:53.343Z", "dateReserved": "2025-01-10T15:11:08.880Z", "dateUpdated": "2025-02-12T14:02:29.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37904
Vulnerability from cvelistv5
Published
2023-07-28 15:09
Modified
2024-10-10 16:05
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use invites that are restricted to an email address.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg" }, { "name": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37904", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:33:20.983055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:05:21.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" }, { "status": "affected", "version": "\u003c 3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T15:09:08.049Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg" }, { "name": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b" } ], "source": { "advisory": "GHSA-6wj5-4ph2-c7qg", "discovery": "UNKNOWN" }, "title": "Discourse Race Condition in Accept Invite" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37904", "datePublished": "2023-07-28T15:09:08.049Z", "dateReserved": "2023-07-10T17:51:29.610Z", "dateUpdated": "2024-10-10T16:05:21.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45816
Vulnerability from cvelistv5
Published
2023-11-10 14:49
Modified
2024-09-03 17:43
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf" }, { "name": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1" }, { "name": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45816", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T17:40:30.497970Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T17:43:21.614Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.2.0.beta0, \u003c 3.2.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. 
post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:10:46.018Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf" }, { "name": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1" }, { "name": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216" } ], "source": { "advisory": "GHSA-v9r6-92wp-f6cf", "discovery": "UNKNOWN" }, "title": "Unread bookmark reminder notifications that the user cannot access 
can be seen" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45816", "datePublished": "2023-11-10T14:49:27.544Z", "dateReserved": "2023-10-13T12:00:50.437Z", "dateUpdated": "2024-09-03T17:43:21.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21678
Vulnerability from cvelistv5
Published
2022-01-13 17:30
Modified
2024-08-03 02:46
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags of their user pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:39.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.13" }, { "status": "affected", "version": "\u003c 2.8.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `\u003cmeta\u003e` tags on their users\u0027 pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-13T17:30:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c" } ], "source": { "advisory": "GHSA-jwww-46gv-564m", "discovery": "UNKNOWN" }, "title": "User\u0027s bio visible even if profile is restricted in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21678", "STATE": "PUBLIC", "TITLE": "User\u0027s bio visible even if profile is restricted in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.13" }, { "version_value": "\u003c 2.8.0.beta11" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `\u003cmeta\u003e` tags on their users\u0027 pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m" }, { "name": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de" }, { "name": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c" } ] }, "source": { "advisory": "GHSA-jwww-46gv-564m", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21678", "datePublished": "2022-01-13T17:30:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.400Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47119
Vulnerability from cvelistv5
Published
2023-11-10 15:00
Modified
2024-09-03 18:56
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w" }, { "name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09" }, { "name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.2.0.beta3", "status": "affected", "version": "3.2.0.beta0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47119", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T18:52:01.171694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T18:56:52.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.2.0.beta0, \u003c 3.2.0.beta3" } ] } 
], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:09:38.992Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w" }, { "name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09" }, { "name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c" } ], "source": { "advisory": "GHSA-j95w-5hvx-jp5w", "discovery": "UNKNOWN" }, 
"title": "HTML injection in oneboxed links" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47119", "datePublished": "2023-11-10T15:00:38.158Z", "dateReserved": "2023-10-30T19:57:51.674Z", "dateUpdated": "2024-09-03T18:56:52.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46159
Vulnerability from cvelistv5
Published
2022-12-02 14:15
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp" }, { "name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.8.13" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c= 2.9.0.beta14" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. 
There are no known workarounds available.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-02T14:15:11.740Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp" }, { "name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382" } ], "source": { "advisory": "GHSA-qf99-xpx6-hgxp", "discovery": "UNKNOWN" }, "title": "Any authenticated Discourse user can create an unlisted topic" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46159", "datePublished": "2022-12-02T14:15:11.740Z", "dateReserved": "2022-11-28T17:27:19.997Z", "dateUpdated": "2024-08-03T14:24:03.376Z", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41043
Vulnerability from cvelistv5
Published
2023-09-15 19:27
Modified
2024-09-24 18:13
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:02:52.246070Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:13:49.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.1.1" }, { "status": "affected", "version": "beta \u003c 3.2.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c 3.2.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:27:59.432Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx" } ], "source": { "advisory": "GHSA-28hh-h5xw-xgvx", "discovery": "UNKNOWN" }, "title": "Discourse DoS via SvgSprite cache" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41043", "datePublished": "2023-09-15T19:27:59.432Z", "dateReserved": "2023-08-22T16:57:23.932Z", "dateUpdated": "2024-09-24T18:13:49.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23620
Vulnerability from cvelistv5
Published
2023-01-27 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "3.1.0.beta1" }, { "lessThan": "3.0.1", "status": "affected", "version": "3.0.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-27T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx" }, { "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "url": "https://github.com/discourse/discourse/pull/20004" } ], "source": { "discovery": "UNKNOWN" }, "title": "Discourse restricted tag routes leak topic information", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23620", "datePublished": "2023-01-27T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28111
Vulnerability from cvelistv5
Published
2023-03-17 17:00
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed versions of Discourse (version 3.1.0.beta3 of the `beta` and `tests-passed` branches). There are no known workarounds.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/20710 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc" }, { "name": "https://github.com/discourse/discourse/pull/20710", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "name": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "beta \u003c 3.1.0.beta3" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse\u0027s server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T17:00:04.375Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc" }, { "name": "https://github.com/discourse/discourse/pull/20710", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "name": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a" } ], "source": { "advisory": "GHSA-26h3-8ww8-v5fc", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28111", "datePublished": "2023-03-17T17:00:04.375Z", "dateReserved": "2023-03-10T18:34:29.227Z", "dateUpdated": "2024-08-02T12:30:24.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31184
Vulnerability from cvelistv5
Published
2022-08-01 19:40
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix that rate limits emails has been included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. Because "latest" is relative to the publication date, use the version data in this record, which lists versions earlier than 2.8.7 and earlier than 2.9.0.beta8 as affected.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.7" }, { "status": "affected", "version": "\u003c 2.9.0.beta8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T19:40:30", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0" } ], "source": { "advisory": "GHSA-m5w9-8gp8-2hrf", "discovery": "UNKNOWN" }, "title": "Email activation route can be abused by spammers in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31184", "STATE": "PUBLIC", "TITLE": "Email activation route can be abused by spammers in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.7" }, { "version_value": "\u003c 2.9.0.beta8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. 
Users are advised to upgrade. Users unable to upgrade should manually rate limit email." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf" }, { "name": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0" } ] }, "source": { "advisory": "GHSA-m5w9-8gp8-2hrf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31184", "datePublished": "2022-08-01T19:40:30", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44391
Vulnerability from cvelistv5
Published
2023-10-16 21:22
Modified
2024-09-16 15:42
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
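Discourse is an open source platform for community discussion. User summaries are accessible to anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. Note that the version data in the record below does not agree with this sentence: the CNA entry marks `stable <= 3.1.1` and `beta <= 3.2.0.beta2` as affected, and the CISA ADP entry gives `lessThan` bounds of 3.1.2 and 3.2.0.beta2, so the fixed release should be confirmed against the linked advisory before an instance is treated as patched.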
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:33.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.2.0.beta2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44391", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:59:00.463164Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T15:42:23.929Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.1.1" }, { "status": "affected", "version": "beta \u003c= 3.2.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T21:22:24.719Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr" } ], "source": { "advisory": "GHSA-7px5-fqcf-7mfr", "discovery": "UNKNOWN" }, "title": "Prevent unauthorized access to summary details in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-44391", "datePublished": "2023-10-16T21:22:24.719Z", "dateReserved": "2023-09-28T17:56:32.613Z", "dateUpdated": "2024-09-16T15:42:23.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37299
Vulnerability from cvelistv5
Published
2024-07-30 14:22
Modified
2024-08-02 03:50
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T15:02:32.680889Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T15:02:59.805Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:55.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476" }, { "name": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "name": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" }, { "status": "affected", "version": "\u003e= 3.3.0.beta1, \u003c 3.3.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-30T14:29:55.137Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476" }, { "name": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "name": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" } ], "source": { "advisory": "GHSA-4j6h-9pjp-5476", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS via Tag Group" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37299", "datePublished": "2024-07-30T14:22:36.367Z", "dateReserved": "2024-06-05T20:10:46.496Z", "dateUpdated": "2024-08-02T03:50:55.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37633
Vulnerability from cvelistv5
Published
2021-08-09 19:35
Modified
2024-08-04 01:23
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS score ?
Summary
Discourse is an open source discussion platform. In versions prior to 2.7.8, rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround, users may ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-09T19:35:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47" } ], "source": { "advisory": "GHSA-v3v8-3m5w-pjp9", "discovery": "UNKNOWN" }, "title": "XSS via d-popover and d-html-popover attribute", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-37633", "STATE": "PUBLIC", "TITLE": "XSS via d-popover and d-html-popover attribute" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. 
This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9" }, { "name": "https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47" } ] }, "source": { "advisory": "GHSA-v3v8-3m5w-pjp9", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-37633", "datePublished": "2021-08-09T19:35:09", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29196
Vulnerability from cvelistv5
Published
2023-04-18 21:24
Modified
2025-02-06 16:31
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS score ?
Summary
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding JavaScript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches (the record below lists `stable: < 3.0.3` and `beta: < 3.1.0.beta4` as affected). Users are advised to upgrade. Users unable to upgrade should enable and/or restore their site's CSP to the default one provided with Discourse, and remove any embeddable hosts configured.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29196", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T16:30:57.311462Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:31:16.513Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.0.3" }, { "status": "affected", "version": "beta: \u003c 3.1.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker\u2019s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker\u2019s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site\u0027s CSP to the default one provided with Discourse. Remove any embed-able hosts configured." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T21:24:10.098Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48" } ], "source": { "advisory": "GHSA-986p-4x8q-8f48", "discovery": "UNKNOWN" }, "title": "HTML injection via topic embedding in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29196", "datePublished": "2023-04-18T21:24:10.098Z", "dateReserved": "2023-04-03T13:37:18.453Z", "dateUpdated": "2025-02-06T16:31:16.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-22601
Vulnerability from cvelistv5
Published
2025-02-04 20:53
Modified
2025-02-11 21:32
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions, an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse (the record below lists `beta: <= 3.4.0.beta3` and `tests-passed: <= 3.4.0.beta3` as affected). Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22601", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T21:32:06.142468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T21:32:19.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T20:53:11.983Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw" } ], "source": { "advisory": "GHSA-gvpp-v7mp-wxxw", "discovery": "UNKNOWN" }, "title": "Client Side Path Traversal using activate account route in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-22601", "datePublished": "2025-02-04T20:53:11.983Z", "dateReserved": "2025-01-07T15:07:26.775Z", "dateUpdated": "2025-02-11T21:32:19.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37703
Vulnerability from cvelistv5
Published
2021-08-13 15:15
Modified
2024-08-04 01:23
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS score ?
Summary
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic, such as the last read post number and the notification level, is exposed.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user\u0027s read state for a topic such as the last read post number and the notification level is exposed." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-13T15:15:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4" } ], "source": { "advisory": "GHSA-gq2h-qhg2-phf9", "discovery": "UNKNOWN" }, 
"title": "Information exposure in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-37703", "STATE": "PUBLIC", "TITLE": "Information exposure in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user\u0027s read state for a topic such as the last read post number and the notification level is exposed." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9" }, { "name": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4" } ] }, "source": { "advisory": "GHSA-gq2h-qhg2-phf9", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": 
"GitHub_M", "cveId": "CVE-2021-37703", "datePublished": "2021-08-13T15:15:16", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39241
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 12:00
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
EPSS score ?
Summary
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `tests-passed` versions are now patched (the record below lists `<= 2.8.9` and `<= 2.9.0.beta10` as affected). As a workaround, self-hosters can use the `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides the `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.8.9" }, { "status": "affected", "version": "\u003c= 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr" } ], "source": { "advisory": "GHSA-rcc5-28r3-23rr", "discovery": "UNKNOWN" }, "title": "Possible Server-Side Request Forgery (SSRF) in webhooks" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39241", "datePublished": "2022-11-02T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:43.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43789
Vulnerability from cvelistv5
Published
2024-10-07 20:24
Modified
2024-10-08 18:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse (the record below lists `stable: < 3.3.1` and `beta: < 3.4.0.beta1` as affected). All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.3.1", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThan": "3.4.0.beta1", "status": "affected", "version": "beta", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-43789", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:04:18.753264Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:11:24.827Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.1" }, { "status": "affected", "version": "beta: \u003c 3.4.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:24:32.007Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq" } ], "source": { "advisory": "GHSA-62cq-cpmc-hvqq", "discovery": "UNKNOWN" }, "title": "Denial of service by the absence of restrictions on replies to posts in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-43789", "datePublished": "2024-10-07T20:24:32.007Z", "dateReserved": "2024-08-16T14:20:37.323Z", "dateUpdated": "2024-10-08T18:11:24.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21684
Vulnerability from cvelistv5
Published
2022-01-13 21:05
Modified
2024-08-03 02:46
Summary
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is automatically logged in, bypassing the check that prevents unapproved users from signing in. Until they log out, they can do everything an approved user can do; once they log out, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can also increase `min_trust_level_to_allow_invite` so that only more trusted users can send invites, which reduces the attack surface.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:39.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.13" }, { "status": "affected", "version": "\u003c 2.8.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-13T21:05:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328" } ], "source": { "advisory": "GHSA-p63q-jp48-h8xh", "discovery": "UNKNOWN" }, "title": "User can bypass approval when invited to Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21684", "STATE": "PUBLIC", "TITLE": "User can bypass approval when invited to Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.13" }, { "version_value": "\u003c 2.8.0.beta11" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p63q-jp48-h8xh" }, { "name": "https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/584c6a2e8bc705072b09a9c4b55126d6f8ed4ad2" }, { "name": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328", "refsource": "MISC", "url": "https://meta.discourse.org/t/invite-redemption-allowed-user-to-access-forum-before-approval/214328" } ] }, "source": { "advisory": 
"GHSA-p63q-jp48-h8xh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21684", "datePublished": "2022-01-13T21:05:11", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36466
Vulnerability from cvelistv5
Published
2023-07-14 21:14
Modified
2024-10-22 13:58
Summary
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in the title, and blank topic titles. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. The record's affected-versions list gives stable < 3.0.5, beta < 3.1.0.beta6 and tests-passed < 3.1.0.beta6.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36466", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T13:51:27.892562Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T13:58:48.183Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.0.5" }, { "status": "affected", "version": "beta \u003c 3.1.0.beta6" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. 
The issue is patched in the latest stable, beta and tests-passed version of Discourse.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T21:14:01.476Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932" } ], "source": { "advisory": "GHSA-4hjh-wg43-p932", "discovery": "UNKNOWN" }, "title": "Topic Title Validation Skipped When Changing Category in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36466", "datePublished": "2023-07-14T21:14:01.476Z", "dateReserved": "2023-06-21T18:50:41.700Z", "dateUpdated": "2024-10-22T13:58:48.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24327
Vulnerability from cvelistv5
Published
2021-09-23 17:48
Modified
2024-08-04 15:12
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in the editor, a user can upload pictures from remote websites, which makes the server itself request the remote URL.
References
| URL | Tags |
|---|---|
| https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1 | x_refsource_MISC |
| https://github.com/discourse/discourse/pull/10509 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:12:08.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/10509" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-23T17:53:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/10509" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. 
When writing an email in an editor, you can upload pictures of remote websites." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1", "refsource": "MISC", "url": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1" }, { "name": "https://github.com/discourse/discourse/pull/10509", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/10509" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24327", "datePublished": "2021-09-23T17:48:51", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:08.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31025
Vulnerability from cvelistv5
Published
2022-06-03 14:35
Modified
2024-08-03 07:03
Summary
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/16974 | x_refsource_MISC |
| https://github.com/discourse/discourse/pull/16984 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:40.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/16974" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/16984" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.4" }, { "status": "affected", "version": "\u003e= 2.9.0.beta1, \u003c= 2.9.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-03T14:35:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/16974" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/16984" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9" } ], "source": { "advisory": "GHSA-x7jh-mx5q-6f9q", "discovery": "UNKNOWN" }, "title": "Invite bypasses user approval in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31025", "STATE": "PUBLIC", "TITLE": "Invite bypasses user approval in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.4" }, { "version_value": "\u003e= 2.9.0.beta1, \u003c= 2.9.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q" }, { "name": "https://github.com/discourse/discourse/pull/16974", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/16974" }, { "name": "https://github.com/discourse/discourse/pull/16984", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/16984" }, { "name": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf" }, { "name": "https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9", "refsource": "MISC", "url": 
"https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9" } ] }, "source": { "advisory": "GHSA-x7jh-mx5q-6f9q", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31025", "datePublished": "2022-06-03T14:35:12", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:03:40.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37693
Vulnerability from cvelistv5
Published
2021-08-13 15:15
Modified
2024-08-04 01:23
Summary
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, adding an additional email address to an existing account on a Discourse site generates an email token as part of the email verification process. Deleting the additional email address does not invalidate an unused token, which can then be used in other contexts, including resetting a password.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4 | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including reseting a password." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-640", "description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-13T15:15:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef" } ], "source": { "advisory": "GHSA-9377-96f4-cww4", "discovery": "UNKNOWN" }, "title": "Re-use of email tokens in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-37693", "STATE": "PUBLIC", "TITLE": "Re-use of email tokens in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open-source platform for community discussion. 
In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including reseting a password." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password" } ] }, { "description": [ { "lang": "eng", "value": "CWE-613: Insufficient Session Expiration" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9377-96f4-cww4" }, { "name": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/fb14e50741a4880cda22244eded8858e2f5336ef" } ] }, "source": { "advisory": "GHSA-9377-96f4-cww4", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-37693", "datePublished": "2021-08-13T15:15:10", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32061
Vulnerability from cvelistv5
Published
2023-06-13 21:16
Modified
2025-01-02 21:04
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32061", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-02T21:03:20.395663Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-02T21:04:09.789Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.4" }, { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T21:16:09.257Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g" } ], "source": { "advisory": "GHSA-prx4-49m8-874g", "discovery": "UNKNOWN" }, "title": "Discourse Topic Creation Page Allows iFrame Tag without Restrictions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32061", "datePublished": "2023-06-13T21:16:09.257Z", "dateReserved": "2023-05-01T16:47:35.313Z", "dateUpdated": "2025-01-02T21:04:09.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43794
Vulnerability from cvelistv5
Published
2021-12-01 19:40
Modified
2024-08-04 04:03
Summary
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. The record's affected-versions list gives stable < 2.7.11, beta < 2.8.0.beta9 and tests-passed < 2.8.0.beta9.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1 | x_refsource_MISC | |
https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 2.7.11" }, { "status": "affected", "version": "beta \u003c 2.8.0.beta9" }, { "status": "affected", "version": "tests-passed \u003c 2.8.0.beta9" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T19:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp" } ], "source": { "advisory": "GHSA-249g-pc77-65hp", "discovery": "UNKNOWN" }, "title": "Anonymous user cache poisoning via development-mode header in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43794", "STATE": "PUBLIC", "TITLE": "Anonymous user cache poisoning via development-mode header in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c 2.7.11" }, { "version_value": "beta \u003c 2.8.0.beta9" }, { "version_value": "tests-passed \u003c 2.8.0.beta9" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. 
not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" }, { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp" } ] }, "source": { "advisory": "GHSA-249g-pc77-65hp", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43794", "datePublished": "2021-12-01T19:40:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28440
Vulnerability from cvelistv5
Published
2023-04-18 20:40
Modified
2025-02-06 16:29
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28440", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T16:29:09.386052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:29:37.700Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.0.2" }, { "status": "affected", "version": "beta: \u003c= 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T20:40:13.534Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w" } ], "source": { "advisory": "GHSA-vm65-pv5h-6g3w", "discovery": "UNKNOWN" }, "title": "Denial of service via admin theme import route in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28440", "datePublished": "2023-04-18T20:40:13.534Z", "dateReserved": "2023-03-15T15:59:10.055Z", "dateUpdated": "2025-02-06T16:29:37.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37467
Vulnerability from cvelistv5
Published
2023-07-28 14:42
Modified
2024-10-10 16:07
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j" }, { "name": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.0.beta7", "status": "affected", "version": "3.1.0.beta1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37467", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:33:32.643968Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:07:05.366Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. 
There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn\u0027t applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn\u0027t have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-323", "description": "CWE-323: Reusing a Nonce, Key Pair in Encryption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T14:42:06.159Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j" }, { "name": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25" } ], "source": { "advisory": "GHSA-gr5h-hm62-jr3j", "discovery": "UNKNOWN" }, "title": "Discourse CSP nonce reuse vulnerability for anonymous users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37467", "datePublished": "2023-07-28T14:42:06.159Z", "dateReserved": "2023-07-06T13:01:36.998Z", "dateUpdated": 
"2024-10-10T16:07:05.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23935
Vulnerability from cvelistv5
Published
2023-03-16 20:21
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages, regardless of whether each personal message is visible to a given user. As a result, any user can technically poll a sensitive tag to determine whether a new personal message has been created, even if the user does not have access to that personal message.
In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:07.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7" }, { "name": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.0.1" }, { "status": "affected", "version": "beta \u003c= 3.1.0.beta2" }, { "status": "affected", "version": "tests-passed \u003c= 3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message.\n\nIn the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-16T20:21:13.539Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rf8j-mf8c-82v7" }, { "name": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/f31f0b70f82c43d93220ce6fc0d4f57440452f37" } ], "source": { "advisory": "GHSA-rf8j-mf8c-82v7", "discovery": "UNKNOWN" }, "title": "Presence of restricted personal Discourse messages may be leaked if tagged with a tag " } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23935", "datePublished": "2023-03-16T20:21:13.539Z", "dateReserved": "2023-01-19T21:12:31.361Z", "dateUpdated": "2024-08-02T10:49:07.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39385
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In some rare cases, users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:07:42.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "Stable: \u003c= 2.8.10" }, { "status": "affected", "version": "Beta: \u003c= 2.9.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48" }, { "url": "https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb" } ], "source": { "advisory": "GHSA-gh5r-j595-qx48", "discovery": "UNKNOWN" }, "title": "Users erroneously and transparently added to private messages in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39385", "datePublished": "2022-11-14T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:07:42.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36473
Vulnerability from cvelistv5
Published
2023-07-13 20:57
Modified
2024-10-21 21:09
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:57.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36473", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:42.742827Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:09:43.744Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": " stable \u003e= 3.0.5" }, { "status": "affected", "version": "beta \u003e= 3.1.0.beta6" }, { "status": "affected", "version": "tests-passed \u003e= 3.1.0.beta6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. 
The vulnerability is patched in the latest tests-passed, beta and stable branches.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-13T20:57:50.880Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq" } ], "source": { "advisory": "GHSA-9f52-624j-8ppq", "discovery": "UNKNOWN" }, "title": "CSP nonce reuse vulnerability in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36473", "datePublished": "2023-07-13T20:57:50.880Z", "dateReserved": "2023-06-21T18:50:41.703Z", "dateUpdated": "2024-10-21T21:09:43.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41042
Vulnerability from cvelistv5
Published
2023-09-15 19:26
Modified
2024-09-24 18:17
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads its assets into memory without enforcing limits on file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41042", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:02:57.695767Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:17:00.835Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.1.1" }, { "status": "affected", "version": "beta \u003c 3.2.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c 3.2.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:26:43.088Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254" } ], "source": { "advisory": "GHSA-2fq5-x3mm-v254", "discovery": "UNKNOWN" }, "title": "Discourse DoS via remote theme assets" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41042", "datePublished": "2023-09-15T19:26:43.088Z", "dateReserved": "2023-08-22T16:57:23.932Z", "dateUpdated": "2024-09-24T18:17:00.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45147
Vulnerability from cvelistv5
Published
2023-10-16 20:26
Modified
2024-09-13 19:00
Severity ?
EPSS score ?
Summary
Discourse is an open source community platform. In affected versions, any user can create a topic and add arbitrary custom fields to it. The severity of this vulnerability depends on which plugins are installed and how those plugins use topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45147", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T18:58:49.242575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T19:00:16.296Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 3.1.1" }, { "status": "affected", "version": "beta: \u003c= 3.2.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T20:26:25.200Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv" } ], "source": { "advisory": "GHSA-wm89-m359-f9qv", "discovery": "UNKNOWN" }, "title": "Arbitrary keys can be added to a topic\u0027s custom fields by any user in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45147", "datePublished": "2023-10-16T20:26:25.200Z", "dateReserved": "2023-10-04T16:02:46.330Z", "dateUpdated": "2024-09-13T19:00:16.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40588
Vulnerability from cvelistv5
Published
2023-09-15 19:23
Modified
2024-09-24 18:17
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:50.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40588", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:03:43.468887Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:17:15.320Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.1.1" }, { "status": "affected", "version": "beta \u003c 3.2.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c 3.2.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:23:39.480Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx" } ], "source": { "advisory": "GHSA-2hg5-3xm3-9vvx", "discovery": "UNKNOWN" }, "title": "Discourse DoS via 2FA and Security Key Names" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40588", "datePublished": "2023-09-15T19:23:39.480Z", "dateReserved": "2023-08-16T18:24:02.392Z", "dateUpdated": "2024-09-24T18:17:15.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46168
Vulnerability from cvelistv5
Published
2023-01-05 17:18
Modified
2024-08-03 14:24
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/19724 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm" }, { "name": "https://github.com/discourse/discourse/pull/19724", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/19724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta15" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another\u0027s email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC\u0027d on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T17:18:58.143Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm" }, { "name": "https://github.com/discourse/discourse/pull/19724", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/19724" } ], "source": { "advisory": "GHSA-8p7g-3wm6-p3rm", "discovery": "UNKNOWN" }, "title": "Group SMTP user emails are exposed in CC email header" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46168", "datePublished": "2023-01-05T17:18:58.143Z", "dateReserved": "2022-11-28T17:27:19.998Z", "dateUpdated": "2024-08-03T14:24:03.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47121
Vulnerability from cvelistv5
Published
2023-11-10 15:13
Modified
2024-08-02 21:01
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery (SSRF). The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc" }, { "name": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1" }, { "name": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.2.0.beta0, \u003c 3.2.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:13:42.254Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc" }, { "name": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1" }, { "name": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6" } ], "source": { "advisory": "GHSA-hp24-94qf-8cgc", "discovery": "UNKNOWN" }, "title": "Discourse SSRF vulnerability in Embedding" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47121", "datePublished": "2023-11-10T15:13:42.254Z", "dateReserved": "2023-10-30T19:57:51.675Z", "dateUpdated": "2024-08-02T21:01:22.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37157
Vulnerability from cvelistv5
Published
2024-07-03 19:13
Modified
2024-08-02 03:50
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37157", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T15:19:40.576374Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T14:29:55.999Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:55.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68" }, { "name": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e" }, { "name": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.2.3" }, { "status": "affected", "version": "beta \u003c 3.3.0.beta4" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. 
Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-03T19:13:42.868Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68" }, { "name": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e" }, { "name": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95" } ], "source": { "advisory": "GHSA-46pq-7958-fc68", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Server-Side Request Forgery via FastImage" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2024-37157", "datePublished": "2024-07-03T19:13:42.868Z", "dateReserved": "2024-06-03T17:29:38.329Z", "dateUpdated": "2024-08-02T03:50:55.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28112
Vulnerability from cvelistv5
Published
2023-03-17 18:35
Modified
2024-08-02 12:30
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user-provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running version 3.1.0.beta2 or earlier of the `tests-passed` or `beta` branch. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/20710 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh" }, { "name": "https://github.com/discourse/discourse/pull/20710", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "name": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "beta \u003c 3.1.0.beta3" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T18:35:07.984Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9897-x229-55gh" }, { "name": "https://github.com/discourse/discourse/pull/20710", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20710" }, { "name": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/39c2f63b35d90ebaf67b9604cf1d424e5984203c" } ], "source": { "advisory": "GHSA-9897-x229-55gh", "discovery": "UNKNOWN" }, "title": "Discourse\u0027s SSRF protection missing for some FastImage requests" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28112", "datePublished": "2023-03-17T18:35:07.984Z", "dateReserved": "2023-03-10T18:34:29.227Z", "dateUpdated": "2024-08-02T12:30:24.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24827
Vulnerability from cvelistv5
Published
2024-03-15 19:13
Modified
2024-08-01 23:28
Summary
Discourse is an open source platform for community discussion. The POST /uploads endpoint has no rate limit, which makes it easier for an attacker to carry out a DoS attack on the server, since creating an upload can be a resource-intensive process. Note that the impact varies from site to site, as site settings such as `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels`, as smaller uploads require fewer resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.2.0", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThan": "3.3.0beta1", "status": "affected", "version": "beta", "versionType": "custom" }, { "lessThan": "3.3.0beta1", "status": "affected", "version": "tests_passed", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24827", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T14:12:35.581631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-19T17:13:32.779Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4" }, { "name": "https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.0" }, { "status": "affected", "version": "beta \u003c 3.3.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source 
platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T19:13:43.221Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4" }, { "name": "https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae" } ], 
"source": { "advisory": "GHSA-58vw-246g-fjj4", "discovery": "UNKNOWN" }, "title": "No rate limits on POST /uploads endpoint in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24827", "datePublished": "2024-03-15T19:13:43.221Z", "dateReserved": "2024-01-31T16:28:17.945Z", "dateUpdated": "2024-08-01T23:28:12.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24782
Vulnerability from cvelistv5
Published
2022-03-24 20:35
Modified
2024-08-03 04:20
Summary
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/16273 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/16273" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 2.8.2" }, { "status": "affected", "version": "beta \u003c= 2.9.0.beta3" }, { "status": "affected", "version": "tests-passed \u003c= 2.9.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user\u0027s post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse\u0027s GitHub repository and is anticipated to be part of future releases." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-24T20:35:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/16273" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356" } ], "source": { "advisory": "GHSA-c3cq-w899-f343", "discovery": "UNKNOWN" }, "title": "Secure category names leaked via user activity export in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24782", "STATE": "PUBLIC", "TITLE": "Secure category names leaked via user activity export in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c= 2.8.2" }, { "version_value": "beta \u003c= 2.9.0.beta3" }, { "version_value": "tests-passed \u003c= 2.9.0.beta3" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user\u0027s post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse\u0027s GitHub repository and is anticipated to be part of future releases." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343" }, { "name": "https://github.com/discourse/discourse/pull/16273", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/16273" }, { "name": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356" } ] }, "source": { "advisory": "GHSA-c3cq-w899-f343", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24782", 
"datePublished": "2022-03-24T20:35:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47120
Vulnerability from cvelistv5
Published
2023-11-10 15:09
Modified
2024-09-03 18:55
Summary
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3" }, { "name": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852" }, { "name": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.2.0.beta3", "status": "affected", "version": "3.1.0.beta6", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47120", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T18:51:47.225796Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T18:55:29.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0, \u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.1.0.beta6, \u003c 
3.2.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:09:54.389Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3" }, { "name": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852" }, { "name": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce" } ], "source": { "advisory": 
"GHSA-77cw-xhj8-hfp3", "discovery": "UNKNOWN" }, "title": "Discourse DoS through Onebox favicon URL" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47120", "datePublished": "2023-11-10T15:09:54.389Z", "dateReserved": "2023-10-30T19:57:51.674Z", "dateUpdated": "2024-09-03T18:55:29.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32301
Vulnerability from cvelistv5
Published
2023-06-13 21:35
Modified
2025-01-02 21:05
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32301", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-02T21:05:35.908295Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-02T21:05:51.203Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.4" }, { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T21:35:38.188Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4" } ], "source": { "advisory": "GHSA-p2jx-m2j5-hqh4", "discovery": "UNKNOWN" }, "title": "Discourse\u0027s canonical url not being used for topic embeddings" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32301", "datePublished": "2023-06-13T21:35:38.188Z", "dateReserved": "2023-05-08T13:26:03.877Z", "dateUpdated": "2025-01-02T21:05:51.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41163
Vulnerability from cvelistv5
Published
2021-10-20 22:30
Modified
2024-08-04 02:59
Summary
Discourse is an open source platform for community discussion. In affected versions, maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in `subscribe_url` values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse; the record below lists `stable` before 2.7.9 and `beta` and `tests-passed` before 2.8.0.beta7 as affected. To work around the issue without updating, requests with a path starting with `/webhooks/aws` could be blocked at an upstream proxy.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "tests-passed \u003c 2.8.0.beta7" }, { "status": "affected", "version": "beta \u003c 2.8.0.beta7" }, { "status": "affected", "version": "stable \u003c 2.7.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T22:30:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9" } ], "source": { "advisory": "GHSA-jcjx-pvpc-qgwq", "discovery": "UNKNOWN" }, "title": "RCE via malicious SNS subscription payload", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41163", "STATE": "PUBLIC", "TITLE": "RCE via malicious SNS subscription payload" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "tests-passed \u003c 2.8.0.beta7" }, { "version_value": "beta \u003c 2.8.0.beta7" }, { "version_value": "stable \u003c 2.7.9" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. 
This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq" }, { "name": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9" } ] }, "source": { "advisory": "GHSA-jcjx-pvpc-qgwq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41163", "datePublished": "2021-10-20T22:30:14", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36122
Vulnerability from cvelistv5
Published
2024-07-03 19:10
Modified
2024-08-02 03:30
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a user's email address even when the "Allow moderators to view email addresses" setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue, or disable both the "approve suspect users" site setting and the "must approve users" site setting to prevent users from being added to the review queue.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36122", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T14:23:31.616237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T14:23:41.300Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f" }, { "name": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4" }, { "name": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.2.3" }, { "status": "affected", "version": "beta \u003c 3.3.0.beta4" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. 
Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-03T19:10:45.955Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f" }, { "name": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4" }, { "name": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47" } ], "source": { "advisory": "GHSA-rr93-hcw4-cv3f", "discovery": "UNKNOWN" }, "title": "Discourse doesn\u0027t limit reviewable user serializer payload" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-36122", "datePublished": "2024-07-03T19:10:45.955Z", "dateReserved": "2024-05-20T21:07:48.189Z", "dateUpdated": "2024-08-02T03:30:13.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36066
Vulnerability from cvelistv5
Published
2022-09-29 19:35
Modified
2024-08-03 09:52
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/18421 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/18421" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.9" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T19:35:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/18421" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835" } ], "source": { "advisory": "GHSA-grvh-qcpg-hfmv", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to RCE via admins uploading maliciously zipped file", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36066", "STATE": "PUBLIC", "TITLE": "Discourse vulnerable to RCE via admins uploading maliciously zipped file" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.9" }, { "version_value": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434: Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv" }, { "name": "https://github.com/discourse/discourse/pull/18421", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/18421" }, { "name": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835" } ] }, "source": { "advisory": "GHSA-grvh-qcpg-hfmv", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36066", "datePublished": "2022-09-29T19:35:09", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41095
Vulnerability from cvelistv5
Published
2021-09-27 19:30
Modified
2024-08-04 02:59
Summary
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse’s default Content Security Policy, and blocking watched words containing HTML tags.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479 | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.7.7" }, { "status": "affected", "version": "\u003e= 2.8.0.beta1, \u003c= 2.8.0.beta6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse\u0027s default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse\u2019s default Content Security Policy, and blocking watched words containing HTML tags." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-27T19:30:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59" } ], "source": { "advisory": "GHSA-qvqx-2h7w-m479", "discovery": "UNKNOWN" }, "title": "XSS via blocked watched word in error message", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41095", "STATE": "PUBLIC", "TITLE": "XSS via blocked watched word in error message" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c= 2.7.7" }, { "version_value": "\u003e= 2.8.0.beta1, \u003c= 2.8.0.beta6" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse\u0027s default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse\u2019s default Content Security Policy, and blocking watched words containing HTML tags." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qvqx-2h7w-m479" }, { "name": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/14434/commits/40b776b9d39c41d9273d01eecf8fe03aa39fcb59" } ] }, "source": { "advisory": "GHSA-qvqx-2h7w-m479", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2021-41095", "datePublished": "2021-09-27T19:30:11", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48297
Vulnerability from cvelistv5
Published
2024-01-12 20:35
Modified
2024-08-02 21:23
Severity ?
EPSS score ?
Summary
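Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here), which can lead to a very long array of users; the record classifies this as uncontrolled resource consumption (CWE-400). This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. Note that the affected-version range in the record below ends at `< 3.2.0.beta4`, so confirm the fixed beta against the linked advisory before relying on either value.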
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:23:39.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.4" }, { "status": "affected", "version": "\u003e= 3.2.0beta1, \u003c 3.2.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T20:35:02.394Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37" } ], "source": { "advisory": "GHSA-hf2v-r5xm-8p37", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to 
unlimited mentioned users in message serializer" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-48297", "datePublished": "2024-01-12T20:35:02.394Z", "dateReserved": "2023-11-14T17:41:15.570Z", "dateUpdated": "2024-08-02T21:23:39.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3138
Vulnerability from cvelistv5
Published
2021-01-14 03:30
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/releases | x_refsource_MISC | |
https://github.com/Mesh3l911/Disource | x_refsource_MISC | |
http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/Disource" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-21T16:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/Disource" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3138", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/releases", "refsource": "MISC", "url": "https://github.com/discourse/discourse/releases" }, { "name": "https://github.com/Mesh3l911/Disource", "refsource": "MISC", "url": "https://github.com/Mesh3l911/Disource" }, { "name": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3138", "datePublished": "2021-01-14T03:30:11", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T16:45:51.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32788
Vulnerability from cvelistv5
Published
2021-07-27 21:40
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: A staff user who creates a whisper post in a personal message is revealed to the non-staff participants of the personal message, even though they cannot see the whisper post itself. 2: When a whisper post is before the last post in a post stream, deleting the last post results in the creator of the whisper post being revealed to non-staff users as the last poster of the topic.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-27T21:40:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9" } ], "source": { "advisory": "GHSA-v6xg-q577-vc92", "discovery": "UNKNOWN" }, "title": "Post creator of a whisper post can be revealed to non-staff users in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32788", "STATE": "PUBLIC", "TITLE": "Post creator of a whisper post can be revealed to non-staff users in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.7" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92" }, { "name": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5" }, { "name": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9" } ] }, "source": { "advisory": "GHSA-v6xg-q577-vc92", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32788", "datePublished": "2021-07-27T21:40:11", "dateReserved": 
"2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45806
Vulnerability from cvelistv5
Published
2023-11-10 14:43
Modified
2024-09-03 17:43
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts in which they've been quoted, by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78" }, { "name": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863" }, { "name": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45806", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T17:40:18.021358Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T17:43:41.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.2.0.beta0, \u003c 3.2.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. 
Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they\u0027ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the \"bleeding\" by ensuring users only use alphanumeric characters in their full name field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:11:12.245Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78" }, { "name": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863" }, { "name": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e" } 
], "source": { "advisory": "GHSA-hcgf-hg2g-mw78", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS via Regexp Injection in Full Name" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45806", "datePublished": "2023-11-10T14:43:37.657Z", "dateReserved": "2023-10-13T12:00:50.436Z", "dateUpdated": "2024-09-03T17:43:41.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27085
Vulnerability from cvelistv5
Published
2024-03-15 19:22
Modified
2024-08-21 23:12
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:27:59.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6" }, { "name": "https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-27085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T23:12:31.618807Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T23:12:39.336Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.0" }, { "status": "affected", "version": "beta \u003c= 3.3.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c= 3.3.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T19:22:46.937Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6" }, { "name": "https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295" } ], "source": { "advisory": "GHSA-cvp5-h7p8-mjj6", "discovery": "UNKNOWN" }, "title": "Denial of service through invites in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27085", "datePublished": "2024-03-15T19:22:46.937Z", "dateReserved": "2024-02-19T14:43:05.992Z", "dateUpdated": "2024-08-21T23:12:39.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1020017
Vulnerability from cvelistv5
Published
2019-07-29 12:25
Modified
2024-08-05 03:14
Severity ?
EPSS score ?
Summary
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:14:15.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Discourse", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c 2.3.0" }, { "status": "affected", "version": "2.4.0.beta1" }, { "status": "affected", "version": "2.4.0.beta2" }, { "status": "affected", "version": "fixed in 2.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP." } ], "problemTypes": [ { "descriptions": [ { "description": "lacks a confirmation screen", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T18:56:05", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1020017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Discourse", "version": { "version_data": [ { "version_value": "\u003c 2.3.0" }, { "version_value": "2.4.0.beta1" }, { "version_value": "2.4.0.beta2" }, { "version_value": "fixed in 2.4.0.beta3" } ] } } ] }, "vendor_name": "n/a" } ] 
} }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "lacks a confirmation screen" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "name": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11" } ] } } } }, "cveMetadata": { "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1020017", "datePublished": "2019-07-29T12:25:59", "dateReserved": "2019-07-26T00:00:00", "dateUpdated": "2024-08-05T03:14:15.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31096
Vulnerability from cvelistv5
Published
2022-06-27 21:35
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Under certain conditions, a logged-in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.5; stable branch" }, { "status": "affected", "version": "\u003c 2.9.0.beta6; beta brach" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn\u0027t match the invite\u0027s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281: Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-27T21:35:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r" } ], "source": { "advisory": "GHSA-rvp8-459h-282r", "discovery": "UNKNOWN" }, "title": "Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31096", "STATE": "PUBLIC", "TITLE": "Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.5; stable branch" }, { "version_value": "\u003c 2.9.0.beta6; beta brach" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
Under certain conditions, a logged in user can redeem an invite with an email that either doesn\u0027t match the invite\u0027s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-281: Improper Preservation of Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r" } ] }, "source": { "advisory": "GHSA-rvp8-459h-282r", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31096", "datePublished": "2022-06-27T21:35:10", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43659
Vulnerability from cvelistv5
Published
2023-10-16 21:05
Modified
2024-09-16 15:51
Severity ?
EPSS score ?
Summary
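Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Note that the affected-version ranges in the record below list `stable <= 3.1.1` and `beta <= 3.2.0.beta1` as affected, which conflicts with the patched releases named here; confirm the fixed version against the linked advisory before relying on either.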
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph | x_refsource_CONFIRM | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph" }, { "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThanOrEqual": "3.1.1", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThanOrEqual": "3.2.0.beta1", "status": "affected", "version": "beta", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43659", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T15:22:33.825905Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T15:51:43.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.1.1" }, { "status": "affected", "version": "beta \u003c= 3.2.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. 
This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T21:05:31.991Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph" }, { "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" } ], "source": { "advisory": "GHSA-g4qg-5q2h-m8ph", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting via email preview when CSP disabled in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-43659", "datePublished": "2023-10-16T21:05:31.991Z", "dateReserved": "2023-09-20T15:35:38.148Z", "dateUpdated": "2024-09-16T15:51:43.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41944
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.12" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta13" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-28T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2" }, { "url": "https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693" } ], "source": { "advisory": "GHSA-354r-jpj5-53c2", "discovery": "UNKNOWN" }, "title": "Discourse users can see notifications for topics they no longer have access to" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41944", "datePublished": "2022-11-28T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-53994
Vulnerability from cvelistv5
Published
2025-02-04 21:12
Modified
2025-02-04 21:41
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-53994", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:41:10.615764Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:41:27.327Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281: Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:12:23.126Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6" } ], "source": { "advisory": "GHSA-mrpw-gwj7-98r6", "discovery": "UNKNOWN" }, "title": "Potential bypass of chat permissions in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-53994", "datePublished": "2025-02-04T21:12:23.126Z", "dateReserved": "2024-11-25T23:14:36.382Z", "dateUpdated": "2025-02-04T21:41:27.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22453
Vulnerability from cvelistv5
Published
2023-01-05 19:53
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv" }, { "name": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 3.0.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T19:53:34.180Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv" }, { "name": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad" } ], "source": { "advisory": "GHSA-xx97-6494-p2rv", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to exposure of user post counts per topic to unauthorized users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22453", "datePublished": "2023-01-05T19:53:34.180Z", "dateReserved": "2022-12-29T03:00:40.877Z", "dateUpdated": "2024-08-02T10:13:48.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45297
Vulnerability from cvelistv5
Published
2024-10-07 20:24
Modified
2024-10-08 18:13
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.3.2", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThan": "3.4.0.beta2", "status": "affected", "version": "beta", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45297", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:12:03.791405Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:13:28.994Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "beta: \u003c 3.4.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:24:05.044Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp" } ], "source": { "advisory": "GHSA-58xw-3qr3-53gp", "discovery": "UNKNOWN" }, "title": "Prevent topic list filtering by hidden tags for unauthorized users in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45297", "datePublished": "2024-10-07T20:24:05.044Z", "dateReserved": "2024-08-26T18:25:35.443Z", "dateUpdated": "2024-10-08T18:13:28.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38360
Vulnerability from cvelistv5
Published
2024-07-15 19:43
Modified
2024-08-02 04:04
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions, a moderator can reduce the availability of a Discourse instance by creating replacement words with an almost unlimited number of characters. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38360", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T13:22:15.420655Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T13:22:27.943Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p" }, { "name": "https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.2" }, { "status": "affected", "version": "beta \u003c= 3.3.0.beta2" }, { "status": "affected", "version": "tests-passed \u003c= 3.3.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-15T19:43:04.811Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p" }, { "name": "https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990" } ], "source": { "advisory": "GHSA-68pm-hm8x-pq2p", "discovery": "UNKNOWN" }, "title": "Denial of service via Watched Words in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-38360", "datePublished": "2024-07-15T19:43:04.811Z", "dateReserved": "2024-06-14T14:16:16.465Z", "dateUpdated": "2024-08-02T04:04:25.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46148
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to the drafts page could trigger a self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c5h6-6gg5-84fh" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.8.10" }, { "status": "affected", "version": "\u003e= 2.9.0.beta1, \u003c= 2.9.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-29T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c5h6-6gg5-84fh" } ], "source": { "advisory": "GHSA-c5h6-6gg5-84fh", "discovery": "UNKNOWN" }, "title": "Discourse allows self-XSS through malicious composer message" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46148", "datePublished": "2022-11-29T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:24:03.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46150
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to; per the record's title, the tags are exposed in the subject of notification emails. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.13" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta14" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-29T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv" }, { "url": "https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b" } ], "source": { "advisory": "GHSA-rqvq-94h8-p5wv", "discovery": "UNKNOWN" }, "title": "Discourse may allow exposure of hidden tags in the subject of notification emails" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46150", "datePublished": "2022-11-29T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:24:03.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24850
Vulnerability from cvelistv5
Published
2022-04-14 21:25
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.3" }, { "status": "affected", "version": "\u003c 2.9.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A category\u0027s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-14T21:25:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf" } ], "source": { "advisory": "GHSA-34xr-ff4w-mcpf", "discovery": "UNKNOWN" }, "title": "Category group permissions leaked in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24850", "STATE": "PUBLIC", "TITLE": "Category group permissions leaked in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.3" }, { "version_value": "\u003c 2.9.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. A category\u0027s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. 
This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf" } ] }, "source": { "advisory": "GHSA-34xr-ff4w-mcpf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24850", "datePublished": "2022-04-14T21:25:09", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15515
Vulnerability from cvelistv5
Published
2019-08-26 17:20
Modified
2024-08-05 00:49
Summary
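Discourse 2.3.2 sends the CSRF token in the query string. A token carried in the URL can be recorded in server and proxy access logs, browser history and Referer headers, where it is visible to parties that would not see a header or request-body value. The record below gives no affected-version range or fixed release (those fields are "n/a"); the linked pull request is its only reference.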
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/pull/8026 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:49:13.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/8026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse 2.3.2 sends the CSRF token in the query string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T17:20:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/8026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse 2.3.2 sends the CSRF token in the query string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/pull/8026", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/8026" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15515", "datePublished": "2019-08-26T17:20:21", "dateReserved": "2019-08-23T00:00:00", "dateUpdated": "2024-08-05T00:49:13.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39226
Vulnerability from cvelistv5
Published
2022-09-29 20:05
Modified
2024-08-03 12:00
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/18302 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/18302" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.9" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T20:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/18302" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71" } ], "source": { "advisory": "GHSA-jw3q-xg5g-qjrw", "discovery": "UNKNOWN" }, "title": "Discourse user profile location and website fields were not sufficiently length-limited", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39226", "STATE": "PUBLIC", "TITLE": "Discourse user profile location and website fields were not sufficiently length-limited" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.9" }, { "version_value": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ 
{ "lang": "eng", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling" } ] }, { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw" }, { "name": "https://github.com/discourse/discourse/pull/18302", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/18302" }, { "name": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71" } ] }, "source": { "advisory": "GHSA-jw3q-xg5g-qjrw", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", 
"cveId": "CVE-2022-39226", "datePublished": "2022-09-29T20:05:11", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:43.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-56328
Vulnerability from cvelistv5
Published
2025-02-04 20:55
Modified
2025-02-12 14:03
Summary
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-56328", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T14:03:51.281093Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T14:03:59.537Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.3" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users\u0027 browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T20:55:17.223Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg" } ], "source": { "advisory": "GHSA-j855-mhxj-x6vg", "discovery": "UNKNOWN" }, "title": "HTMLi(XSS without CSP) via Onebox urls in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-56328", "datePublished": "2025-02-04T20:55:17.223Z", "dateReserved": "2024-12-19T18:34:22.764Z", "dateUpdated": "2025-02-12T14:03:59.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31182
Vulnerability from cvelistv5
Published
2022-08-01 19:40
Modified
2024-08-03 07:11
Summary
Discourse is an open source discussion platform. In affected versions, a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.7" }, { "status": "affected", "version": "\u003c 2.9.0.beta8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse\u0027s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404: Improper Resource Shutdown or Release", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T19:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50" } ], "source": { "advisory": "GHSA-4ff8-3j78-w6pp", "discovery": "UNKNOWN" }, "title": "Cache poisoning via maliciously-formed request in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31182", "STATE": "PUBLIC", "TITLE": "Cache poisoning via maliciously-formed request in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.7" }, { "version_value": "\u003c 2.9.0.beta8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse\u0027s default NGINX proxy configuration. 
A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-404: Improper Resource Shutdown or Release" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp" }, { "name": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50" } ] }, "source": { "advisory": "GHSA-4ff8-3j78-w6pp", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31182", "datePublished": "2022-08-01T19:40:10", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21642
Vulnerability from cvelistv5
Published
2022-01-05 19:05
Modified
2024-08-03 02:46
Summary
Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:39.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.13" }, { "status": "affected", "version": "\u003c 2.8.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-05T19:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa" } ], "source": { "advisory": "GHSA-mx3h-vc7w-r9c6", "discovery": "UNKNOWN" }, "title": "Exposure of whisper participants in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21642", "STATE": "PUBLIC", "TITLE": "Exposure of whisper participants in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.13" }, { "version_value": "\u003c 2.8.0.beta11" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. 
There is no workaround for this issue and users are advised to upgrade." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6" }, { "name": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa" } ] }, "source": { "advisory": "GHSA-mx3h-vc7w-r9c6", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21642", "datePublished": "2022-01-05T19:05:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47772
Vulnerability from cvelistv5
Published
2024-10-07 20:50
Modified
2024-10-08 14:26
Summary
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as a proactive measure.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h | x_refsource_CONFIRM | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.3.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.4.0_beta2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-47772", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T14:23:25.185548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T14:26:22.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "tests-passed: \u003c 3.4.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users\u0027 browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:50:33.324Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h" }, { "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" } ], "source": { "advisory": "GHSA-67mh-xhmf-c56h", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47772", "datePublished": "2024-10-07T20:50:33.324Z", "dateReserved": "2024-09-30T21:28:53.233Z", "dateUpdated": "2024-10-08T14:26:22.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28242
Vulnerability from cvelistv5
Published
2024-03-15 19:21
Modified
2024-08-26 15:02
Summary
Discourse is an open source platform for community discussion. In affected versions, an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThanOrEqual": "3.2.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "3.3.0.beta1", "status": "affected", "version": "beta", "versionType": "custom" }, { "lessThanOrEqual": "3.3.0.beta1", "status": "affected", "version": "tests-passed", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28242", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T15:05:16.606591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T15:02:31.216Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23" }, { "name": "https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.0" }, { "status": "affected", "version": "beta \u003c= 3.3.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c= 3.3.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an 
open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T19:21:01.130Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23" }, { "name": "https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39" } ], "source": { "advisory": "GHSA-c7q7-7f6q-2c23", "discovery": "UNKNOWN" }, "title": "Disclosure of the existence of secret categories with custom backgrounds in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28242", "datePublished": "2024-03-15T19:21:01.130Z", "dateReserved": "2024-03-07T14:33:30.035Z", "dateUpdated": "2024-08-26T15:02:31.216Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38498
Vulnerability from cvelistv5
Published
2023-07-28 15:18
Modified
2024-10-10 16:04
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j" }, { "name": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38498", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:32:58.730882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:04:31.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" }, { "status": "affected", "version": "\u003c 3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T15:18:18.903Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j" }, { "name": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182" } ], "source": { "advisory": "GHSA-wv29-rm3f-4g2j", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS via defer queue" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38498", "datePublished": "2023-07-28T15:18:18.903Z", "dateReserved": "2023-07-18T16:28:12.076Z", "dateUpdated": "2024-10-10T16:04:31.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-49099
Vulnerability from cvelistv5
Published
2024-01-12 20:53
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:29.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4" }, { "name": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.4" }, { "status": "affected", "version": "\u003e= 3.2.0beta1, \u003c 3.2.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T20:53:53.163Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4" }, { "name": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53" } ], "source": { "advisory": "GHSA-j67x-x6mq-pwv4", "discovery": "UNKNOWN" }, "title": "Discourse secure uploads accessible to guests even when login is required" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49099", "datePublished": "2024-01-12T20:53:53.163Z", "dateReserved": "2023-11-21T18:57:30.430Z", "dateUpdated": "2024-08-02T21:46:29.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36818
Vulnerability from cvelistv5
Published
2023-07-14 21:16
Modified
2024-10-18 17:39
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In affected versions a request to create or update a custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:01:09.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm" }, { "name": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36818", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T17:29:40.312908Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T17:39:21.316Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "= 3.1.0beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T21:16:14.912Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm" }, { "name": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff" } ], "source": { "advisory": "GHSA-gxqx-3q2p-37gm", "discovery": "UNKNOWN" }, "title": "Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36818", "datePublished": "2023-07-14T21:16:14.912Z", "dateReserved": "2023-06-27T15:43:18.385Z", "dateUpdated": "2024-10-18T17:39:21.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38685
Vulnerability from cvelistv5
Published
2023-07-28 15:27
Modified
2024-10-10 16:01
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5" }, { "name": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38685", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:29:33.490957Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:01:52.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" }, { "status": "affected", "version": "\u003c 3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T15:27:19.780Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5" }, { "name": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b" } ], "source": { "advisory": "GHSA-wx6x-q4gp-mgv5", "discovery": "UNKNOWN" }, "title": "Discourse\u0027s restricted tag information visible to unauthenticated users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38685", "datePublished": "2023-07-28T15:27:19.780Z", "dateReserved": "2023-07-24T16:19:28.363Z", "dateUpdated": "2024-10-10T16:01:52.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28107
Vulnerability from cvelistv5
Published
2023-03-17 16:23
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged in as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/20700 | x_refsource_MISC | |
https://github.com/discourse/discourse/pull/20701 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx" }, { "name": "https://github.com/discourse/discourse/pull/20700", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20700" }, { "name": "https://github.com/discourse/discourse/pull/20701", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20701" }, { "name": "https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9" }, { "name": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.0.2" }, { "status": "affected", "version": "beta \u003c 3.1.0.beta3" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. 
The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T16:23:31.324Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx" }, { "name": "https://github.com/discourse/discourse/pull/20700", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20700" }, { "name": "https://github.com/discourse/discourse/pull/20701", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20701" }, { "name": "https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9" }, { "name": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61" } ], "source": { "advisory": "GHSA-cp7c-fm4c-6xxx", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to 
multisite DoS by spamming backups" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28107", "datePublished": "2023-03-17T16:23:31.324Z", "dateReserved": "2023-03-10T18:34:29.227Z", "dateUpdated": "2024-08-02T12:30:24.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25819
Vulnerability from cvelistv5
Published
2023-03-04 00:11
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q" }, { "name": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches \u003e= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-04T00:11:15.601Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q" }, { "name": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831" } ], "source": { "advisory": "GHSA-xx2h-mwm7-hq6q", "discovery": "UNKNOWN" }, "title": "Discourse tags with no visibility are leaking into og:article:tag" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25819", "datePublished": "2023-03-04T00:11:15.601Z", "dateReserved": "2023-02-15T16:34:48.774Z", "dateUpdated": "2024-08-02T11:32:12.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23548
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/19737" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf" }, { "url": "https://github.com/discourse/discourse/pull/19737" } ], "source": { "advisory": "GHSA-7rw2-f4x7-7pxf", "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23548", "datePublished": "2023-01-05T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:46.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39161
Vulnerability from cvelistv5
Published
2021-08-26 20:00
Modified
2024-08-04 01:58
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy and have allowed moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:18.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.8 " }, { "status": "affected", "version": "\u003e= 2.8.0.beta1, \u003c 2.8.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse\u0027s default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse\u0027s default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-26T20:00:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph" } ], "source": { "advisory": "GHSA-xhmc-9jwm-wqph", "discovery": "UNKNOWN" }, "title": "Cross-site scripting via category name in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39161", "STATE": "PUBLIC", "TITLE": "Cross-site scripting via category name in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.8 " }, { "version_value": "\u003e= 2.8.0.beta1, \u003c 2.8.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. 
This is mitigated by Discourse\u0027s default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse\u0027s default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph" } ] }, "source": { "advisory": "GHSA-xhmc-9jwm-wqph", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39161", "datePublished": "2021-08-26T20:00:11", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22740
Vulnerability from cvelistv5
Published
2023-01-27 00:39
Modified
2024-08-02 10:20
Summary
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed) [the record's affected range is `< 3.1.0.beta1` on both branches, so "2.1.0.beta1" looks like a typo for 3.1.0.beta1; confirm against the linked advisory before relying on it]. Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224" }, { "name": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "beta \u003c 3.1.0.beta1; tests-passed \u003c 3.1.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-27T00:39:52.641Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224" }, { "name": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576" } ], "source": { "advisory": "GHSA-pwj4-rf62-p224", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22740", "datePublished": "2023-01-27T00:39:52.641Z", "dateReserved": "2023-01-06T14:21:05.892Z", "dateUpdated": "2024-08-02T10:20:30.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35227
Vulnerability from cvelistv5
Published
2024-07-03 17:39
Modified
2024-08-02 03:07
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.2.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.3.0.beta3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-35227", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T17:20:00.350600Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T17:57:30.877Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c" }, { "name": "https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b" }, { "name": "https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.2.3" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta3" } ] } ], 
"descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-03T18:39:26.390Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c" }, { "name": "https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b" }, { "name": "https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36" } ], "source": { "advisory": "GHSA-664f-xwjw-752c", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS through Onebox" } }, 
"cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35227", "datePublished": "2024-07-03T17:39:38.293Z", "dateReserved": "2024-05-14T15:39:41.784Z", "dateUpdated": "2024-08-02T03:07:46.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39378
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 12:00
Summary
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:44.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.8.9" }, { "status": "affected", "version": "\u003c= 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user\u0027s activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f" } ], "source": { "advisory": "GHSA-2gvq-27h6-4h5f", "discovery": "UNKNOWN" }, "title": "Displaying user badges can leak topic titles to users that have no access to the topic" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39378", "datePublished": "2022-11-02T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:44.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47773
Vulnerability from cvelistv5
Published
2024-10-08 18:01
Modified
2024-10-08 18:16
Summary
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.3.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-47773", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:14:56.982104Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:16:18.149Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "tests-passed: \u003c 3.4.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:01:14.063Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v" } ], "source": { "advisory": "GHSA-58vv-9j8h-hw2v", "discovery": "UNKNOWN" }, "title": "Anonymous cache poisoning via XHR requests in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47773", "datePublished": "2024-10-08T18:01:14.063Z", "dateReserved": "2024-09-30T21:28:53.233Z", "dateUpdated": "2024-10-08T18:16:18.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23615
Vulnerability from cvelistv5
Published
2023-02-03 21:57
Modified
2024-08-02 10:35
Summary
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.1" }, { "status": "affected", "version": "\u003c 3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T21:57:29.878Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7mf3-5v84-wxq8" } ], "source": { "advisory": "GHSA-7mf3-5v84-wxq8", "discovery": "UNKNOWN" }, "title": "Malicious users in Discourse can create spam topics as any user due to improper access control" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23615", "datePublished": "2023-02-03T21:57:29.878Z", "dateReserved": "2023-01-16T17:07:46.242Z", "dateUpdated": "2024-08-02T10:35:33.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-56197
Vulnerability from cvelistv5
Published
2025-02-04 20:59
Modified
2025-02-05 15:06
Summary
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the "PM tags allowed for groups" option.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-xmgr-g9cp-v239 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-56197", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T15:05:52.844134Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-05T15:06:02.360Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.3" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta4" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the \"PM tags allowed for groups\" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the \"PM tags allowed for groups\" option." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T20:59:13.464Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xmgr-g9cp-v239", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xmgr-g9cp-v239" } ], "source": { "advisory": "GHSA-xmgr-g9cp-v239", "discovery": "UNKNOWN" }, "title": "Users can see other user\u0027s tagged PMs in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-56197", "datePublished": "2025-02-04T20:59:13.464Z", "dateReserved": "2024-12-18T18:29:25.895Z", "dateUpdated": "2025-02-05T15:06:02.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44388
Vulnerability from cvelistv5
Published
2023-10-16 21:11
Modified
2024-09-16 15:42
Summary
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse [the record's affected ranges below list `stable <= 3.1.1` and `beta <= 3.2.0.beta2` as affected, which conflicts with this sentence; check the linked advisory for the fixed versions]. It is possible to temporarily work around this problem by reducing the `client_max_body_size` nginx directive. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq | x_refsource_CONFIRM | |
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq" }, { "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.2.0.beta2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44388", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:58:50.184229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T15:42:30.893Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.1.1" }, { "status": "affected", "version": "beta \u003c= 3.2.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. 
This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T21:11:26.719Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq" }, { "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": [ "x_refsource_MISC" ], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size" } ], "source": { "advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN" }, "title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-44388", "datePublished": "2023-10-16T21:11:26.719Z", "dateReserved": "2023-09-28T17:56:32.613Z", "dateUpdated": "2024-09-16T15:42:30.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41921
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2024-08-03 12:56
Summary
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.9.0.beta13" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-28T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc" }, { "url": "https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f" } ], "source": { "advisory": "GHSA-mfh7-6cv6-qccc", "discovery": "UNKNOWN" }, "title": "Discourse chat messages should have a maximum character limit" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41921", "datePublished": "2022-11-28T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43850
Vulnerability from cvelistv5
Published
2022-01-04 19:35
Modified
2024-08-04 04:10
Summary
Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server), where any admin user on any of the forums is able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:16.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.12" }, { "status": "affected", "version": "\u003e= 2.8.0.beta, \u003c 2.8.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-04T19:35:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" } ], "source": { "advisory": "GHSA-59jr-pj65-qmvr", "discovery": "UNKNOWN" }, "title": "Denial of Service in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43850", "STATE": "PUBLIC", "TITLE": "Denial of Service in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.12" }, { "version_value": "\u003e= 2.8.0.beta, \u003c 2.8.0.beta10" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. 
The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" }, { "name": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" } ] }, "source": { "advisory": "GHSA-59jr-pj65-qmvr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43850", "datePublished": "2022-01-04T19:35:11", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:10:16.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46130
Vulnerability from cvelistv5
Published
2023-11-10 14:54
Modified
2024-09-03 18:57
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected; only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:39.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg" }, { "name": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb" }, { "name": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T18:52:40.873665Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T18:57:10.938Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" }, { "status": "affected", "version": "\u003e= 3.2.0.beta0, \u003c 3.2.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. 
Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T15:10:22.312Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg" }, { "name": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb" }, { "name": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800" } ], "source": { 
"advisory": "GHSA-c876-638r-vfcg", "discovery": "UNKNOWN" }, "title": "Bypassing height value allowed in some theme components" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-46130", "datePublished": "2023-11-10T14:54:48.828Z", "dateReserved": "2023-10-16T17:51:35.573Z", "dateUpdated": "2024-09-03T18:57:10.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24748
Vulnerability from cvelistv5
Published
2024-03-15 19:15
Modified
2024-08-27 19:43
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x" }, { "name": "https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThanOrEqual": "3.2.0", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThanOrEqual": "3.3.0.beta1", "status": "affected", "version": "beta", "versionType": "custom" }, { "lessThanOrEqual": "3.3.0.beta1", "status": "affected", "version": "tests-passed", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24748", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-27T19:41:37.293373Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-27T19:43:50.659Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.0" }, { "status": "affected", "version": "beta \u003c= 3.3.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c= 3.3.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse 
is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T19:15:17.121Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x" }, { "name": "https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193" } ], "source": { "advisory": "GHSA-3qh8-xw23-cq4x", "discovery": "UNKNOWN" }, "title": "Disclosure of the existence of secret subcategories in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24748", "datePublished": "2024-03-15T19:15:17.121Z", "dateReserved": "2024-01-29T20:51:26.009Z", "dateUpdated": "2024-08-27T19:43:50.659Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2024-53991
Vulnerability from cvelistv5
Published
2024-12-19 19:11
Modified
2024-12-20 20:43
Summary
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore`, which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well-crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either (1) download all local backups onto another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix, or (2) change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-567m-82f6-56rv | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-53991", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:43:01.409148Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:43:11.036Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T19:11:20.590Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-567m-82f6-56rv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-567m-82f6-56rv" } ], "source": { "advisory": "GHSA-567m-82f6-56rv", "discovery": "UNKNOWN" }, "title": "Potential Backup file leaked via Nginx in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-53991", "datePublished": "2024-12-19T19:11:20.590Z", "dateReserved": "2024-11-25T23:14:36.381Z", "dateUpdated": "2024-12-20T20:43:11.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23624
Vulnerability from cvelistv5
Published
2023-01-27 23:35
Modified
2024-08-02 10:35
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/20006 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q" }, { "name": "https://github.com/discourse/discourse/pull/20006", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20006" }, { "name": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.1" }, { "status": "affected", "version": "= 3.1.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-27T23:35:10.242Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q" }, { "name": "https://github.com/discourse/discourse/pull/20006", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20006" }, { "name": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a" } ], "source": { "advisory": "GHSA-qgj5-g5vf-fm7q", "discovery": "UNKNOWN" }, "title": "Discourse\u0027s exclude_tags param could leak which topics had a specific hidden tag" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23624", "datePublished": "2023-01-27T23:35:10.242Z", "dateReserved": "2023-01-16T17:07:46.243Z", "dateUpdated": "2024-08-02T10:35:33.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39320
Vulnerability from cvelistv5
Published
2024-07-30 14:33
Modified
2024-08-02 04:19
Summary
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39320", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T17:25:42.441671Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T17:25:51.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p" }, { "name": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "name": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" }, { "status": "affected", "version": "\u003e= 3.3.0.beta1, \u003c 3.3.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1021", "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-30T14:33:48.589Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-4p82-xh38-gq4p" }, { "name": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210" }, { "name": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e" } ], "source": { "advisory": "GHSA-4p82-xh38-gq4p", "discovery": "UNKNOWN" }, "title": "Discourse allows iframe injection though default site setting" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39320", "datePublished": "2024-07-30T14:33:48.589Z", "dateReserved": "2024-06-21T18:15:22.262Z", 
"dateUpdated": "2024-08-02T04:19:20.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45131
Vulnerability from cvelistv5
Published
2023-10-16 21:24
Modified
2024-09-16 15:41
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse (the affected-version data in this record lists `stable < 3.1.2`, so confirm the fixed stable release against the linked advisory before relying on it). Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.752Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.2.0.beta2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45131", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:59:25.264189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T15:41:43.734Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": " stable \u003c 3.1.2" }, { "status": "affected", "version": "beta \u003c 3.2.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T21:24:10.688Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6" } ], "source": { "advisory": "GHSA-84gf-hhrc-9pw6", "discovery": "UNKNOWN" }, "title": "Unauthenticated access to new private chat messages in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45131", "datePublished": "2023-10-16T21:24:10.688Z", "dateReserved": "2023-10-04T16:02:46.328Z", "dateUpdated": "2024-09-16T15:41:43.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23549
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with a raw body longer than the `max_length` site setting by including HTML comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "2.8.14", "status": "affected", "version": "2.8.14", "versionType": "custom" }, { "lessThanOrEqual": "2.9.0.beta0", "status": "affected", "version": "2.9.0.beta0", "versionType": "custom" }, { "lessThan": "2.9.0.beta16", "status": "affected", "version": "2.9.0.beta16", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" }, { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" } ], "source": { "advisory": "GHSA-p47g-v5wr-p4xp", "defect": [ "GHSA-p47g-v5wr-p4xp" ], "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to bypass of post max_length using HTML comments", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23549", "datePublished": "2023-01-05T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:46.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23622
Vulnerability from cvelistv5
Published
2023-03-17 14:17
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any user can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to.
In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/20004 | x_refsource_MISC | |
https://github.com/discourse/discourse/pull/20005 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795" }, { "name": "https://github.com/discourse/discourse/pull/20004", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "name": "https://github.com/discourse/discourse/pull/20005", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20005" }, { "name": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, { "name": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.0.1" }, { "status": "affected", "version": "beta \u003c 3.1.0.beta2" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. 
As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. \n\nIn version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic\u0027s category read restrictions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T14:17:17.427Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795" }, { "name": "https://github.com/discourse/discourse/pull/20004", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20004" }, { "name": "https://github.com/discourse/discourse/pull/20005", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20005" }, { "name": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164" }, 
{ "name": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f" } ], "source": { "advisory": "GHSA-2wvr-4x7w-v795", "discovery": "UNKNOWN" }, "title": "Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23622", "datePublished": "2023-03-17T14:17:17.427Z", "dateReserved": "2023-01-16T17:07:46.243Z", "dateUpdated": "2024-08-02T10:35:33.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30606
Vulnerability from cvelistv5
Published
2023-04-18 21:36
Modified
2025-02-06 16:37
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which, when done on a multisite instance, can affect the entire cluster, resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30606", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T16:37:06.698669Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:37:26.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.0.2" }, { "status": "affected", "version": "beta: \u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T21:36:08.683Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv" } ], "source": { "advisory": "GHSA-jj93-w3mv-3jvv", "discovery": "UNKNOWN" }, "title": "Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-30606", "datePublished": "2023-04-18T21:36:08.683Z", "dateReserved": "2023-04-13T13:25:18.830Z", "dateUpdated": "2025-02-06T16:37:26.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38684
Vulnerability from cvelistv5
Published
2023-07-28 15:25
Modified
2024-10-10 16:03
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf" }, { "name": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.1.0.beta7", "status": "affected", "version": "3.1.0.beta1", "versionType": "custom" }, { "lessThan": "3.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-38684", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:30:18.803218Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:03:56.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" }, { "status": "affected", "version": "\u003c 3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. 
Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T15:25:41.132Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf" }, { "name": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70" } ], "source": { "advisory": "GHSA-ff7g-xv79-hgmf", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2023-38684", "datePublished": "2023-07-28T15:25:41.132Z", "dateReserved": "2023-07-24T16:19:28.363Z", "dateUpdated": "2024-10-10T16:03:56.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24824
Vulnerability from cvelistv5
Published
2022-04-14 21:15
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.3" }, { "status": "affected", "version": "\u003c 2.9.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-829", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-14T21:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e" } ], "source": { "advisory": "GHSA-46v9-3jc4-f53w", "discovery": "UNKNOWN" }, "title": "Anonymous user cache poisoning in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24824", "STATE": "PUBLIC", "TITLE": "Anonymous user cache poisoning in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.3" }, { "version_value": "\u003c 2.9.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. 
This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w" }, { "name": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e" } ] }, "source": { "advisory": "GHSA-46v9-3jc4-f53w", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24824", "datePublished": "2022-04-14T21:15:14", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41082
Vulnerability from cvelistv5
Published
2021-09-20 20:20
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating users exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised, as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= tests-passed = ddb4583, \u003c tests-passed = 27bad28" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-20T20:20:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c" } ], "source": { "advisory": "GHSA-vm3x-w6jm-j9vv", "discovery": "UNKNOWN" }, "title": "Private message title and participating users leaked in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41082", "STATE": "PUBLIC", "TITLE": "Private message title and participating users leaked in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003e= tests-passed = ddb4583, \u003c tests-passed = 27bad28" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is a platform for community discussion. 
In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv" }, { "name": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b" }, { "name": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c" } ] }, "source": { "advisory": "GHSA-vm3x-w6jm-j9vv", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41082", "datePublished": 
"2021-09-20T20:20:11", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43792
Vulnerability from cvelistv5
Published
2021-12-01 19:35
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags and then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 2.7.11" }, { "status": "affected", "version": "beta \u003c 2.8.0.beta9" }, { "status": "affected", "version": "tests-passed \u003c 2.8.0.beta9" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the \"Tags are visible only to the following groups\" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T19:35:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895" } ], "source": { "advisory": "GHSA-pq2x-vq37-8522", "discovery": "UNKNOWN" }, "title": "Notifications leak in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43792", "STATE": "PUBLIC", "TITLE": "Notifications leak in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c 2.7.11" }, { "version_value": "beta \u003c 2.8.0.beta9" }, { "version_value": "tests-passed \u003c 2.8.0.beta9" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In affected versions a vulnerability affects users of tag groups who use the \"Tags are visible only to the following groups\" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pq2x-vq37-8522" }, { "name": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/cdaf7f4bb3ec268238e4c29a14bb73fad56574b4" }, { "name": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895", "refsource": "MISC", "url": "https://meta.discourse.org/t/non-forum-staff-getting-notifications-for-staff-only-tags/184895" } ] }, "source": { "advisory": "GHSA-pq2x-vq37-8522", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43792", "datePublished": 
"2021-12-01T19:35:17", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-53266
Vulnerability from cvelistv5
Published
2025-02-04 21:18
Modified
2025-02-04 21:40
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-53266", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:40:15.684528Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:40:25.211Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.3" }, { "status": "affected", "version": "tests-passed: \u003c 3.4.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user\u0027s profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:18:19.591Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2" } ], "source": { "advisory": "GHSA-hw4j-4hg7-22h2", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-53266", "datePublished": "2025-02-04T21:18:19.591Z", "dateReserved": "2024-11-19T20:08:14.481Z", "dateUpdated": "2025-02-04T21:40:25.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22468
Vulnerability from cvelistv5
Published
2023-01-26 08:31
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. (The affected-versions data in this record lists `stable < 2.8.14`, which differs from the 2.8.13 given in this summary; confirm the fixed stable version against the linked advisory.)
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 2.8.14" }, { "status": "affected", "version": "beta \u003c 3.0.0.beta16" }, { "status": "affected", "version": "tests-passed \u003c 3.0.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse\u0027s default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site\u0027s CSP to the default one provided with Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T08:31:00.485Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-8mr2-xf8r-wr8m" } ], "source": { "advisory": "GHSA-8mr2-xf8r-wr8m", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Cross-site Scripting in local oneboxes" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22468", "datePublished": "2023-01-26T08:31:00.485Z", "dateReserved": "2022-12-29T03:00:40.880Z", "dateUpdated": "2024-08-02T10:13:48.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31142
Vulnerability from cvelistv5
Published
2023-06-13 21:12
Modified
2025-01-02 21:02
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31142", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-02T21:01:11.013468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-02T21:02:40.153Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.0.4" }, { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T21:12:47.664Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2" } ], "source": { "advisory": "GHSA-286w-97m2-78x2", "discovery": "UNKNOWN" }, "title": "Discourse\u0027s general category permissions could be set back to default" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31142", "datePublished": "2023-06-13T21:12:47.664Z", "dateReserved": "2023-04-24T21:44:10.417Z", "dateUpdated": "2025-01-02T21:02:40.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35234
Vulnerability from cvelistv5
Published
2024-07-03 18:23
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Policy (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35234", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T20:03:00.427087Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T20:03:43.081Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58" }, { "name": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "name": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.2.3" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users\u2019 browsers by posting a specific URL containing maliciously crafted meta tags. 
This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-03T18:40:10.254Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58" }, { "name": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "name": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" } ], "source": { "advisory": "GHSA-5chg-hm8c-wc58", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to stored-dom XSS via Facebook Oneboxes" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35234", "datePublished": 
"2024-07-03T18:23:10.179Z", "dateReserved": "2024-05-14T15:39:41.785Z", "dateUpdated": "2024-08-02T03:07:46.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36068
Vulnerability from cvelistv5
Published
2022-09-29 19:45
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/18418 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/18418" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.9" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T19:45:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/18418" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6" } ], "source": { "advisory": "GHSA-6crr-3662-263q", "discovery": "UNKNOWN" }, "title": "Discourse moderators can edit themes via the API", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36068", "STATE": "PUBLIC", "TITLE": "Discourse moderators can edit themes via the API" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.9" }, { "version_value": "\u003e= 2.9.0.beta0, \u003c 2.9.0.beta10" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q" }, { "name": "https://github.com/discourse/discourse/pull/18418", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/18418" }, { "name": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6" } ] }, "source": { "advisory": "GHSA-6crr-3662-263q", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36068", "datePublished": "2022-09-29T19:45:13", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27100
Vulnerability from cvelistv5
Published
2024-03-15 19:21
Modified
2024-08-02 00:27
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27100", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T16:16:38.459832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:44.223Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:27:59.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc" }, { "name": "https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.2.0" }, { "status": "affected", "version": "beta \u003c= 3.3.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c= 3.3.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren\u0027t enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. 
This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T19:21:49.443Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc" }, { "name": "https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47" } ], "source": { "advisory": "GHSA-xq4v-qg27-gxgc", "discovery": "UNKNOWN" }, "title": "Denial of service via Staff Actions in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27100", "datePublished": "2024-03-15T19:21:49.443Z", "dateReserved": "2024-02-19T14:43:05.994Z", "dateUpdated": "2024-08-02T00:27:59.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23641
Vulnerability from cvelistv5
Published
2022-02-15 20:15
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an infinite loop, which causes memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox completely in the admin panel or specify an allow list of domains that will be oneboxed.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/15927 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:44.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/15927" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 2.8.0" }, { "status": "affected", "version": "beta \u003c= 2.9.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c= 2.9.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-15T20:15:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/15927" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e" } ], "source": { "advisory": "GHSA-22xw-f62v-cfxv", "discovery": "UNKNOWN" }, "title": "Denial of Service in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23641", "STATE": "PUBLIC", "TITLE": "Denial of Service in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c= 2.8.0" }, { "version_value": "beta \u003c= 2.9.0.beta1" }, { "version_value": "tests-passed \u003c= 2.9.0.beta1" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv" }, { "name": "https://github.com/discourse/discourse/pull/15927", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/15927" }, { "name": "https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e" } ] }, "source": { "advisory": "GHSA-22xw-f62v-cfxv", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23641", "datePublished": "2022-02-15T20:15:11", "dateReserved": 
"2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:44.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45051
Vulnerability from cvelistv5
Published
2024-10-07 20:23
Modified
2024-10-08 18:26
Summary
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "discourse", "vendor": "discourse", "versions": [ { "lessThan": "3.3.2", "status": "affected", "version": "stable", "versionType": "custom" }, { "lessThan": "3.4.0.beta2", "status": "affected", "version": "beta", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45051", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:25:31.159640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:26:35.183Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "beta: \u003c 3.4.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:23:01.955Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq" } ], "source": { "advisory": "GHSA-2vjv-pgh4-6rmq", "discovery": "UNKNOWN" }, "title": "Bypass of email address validation via encoded email addresses in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45051", "datePublished": "2024-10-07T20:23:01.955Z", "dateReserved": "2024-08-21T17:53:51.331Z", "dateUpdated": "2024-10-08T18:26:35.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26040
Vulnerability from cvelistv5
Published
2023-03-17 14:45
Modified
2024-08-02 11:39
Summary
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87" }, { "name": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "tests-passed \u003e 3.1.0.beta2, \u003c 3.1.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T14:45:35.889Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ccfc-qpmp-gq87" }, { "name": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/a373bf2a01488c206e7feb28a9d2361b22ce6e70" } ], "source": { "advisory": "GHSA-ccfc-qpmp-gq87", "discovery": "UNKNOWN" }, "title": "Discourse chat messages susceptible to Cross-site Scripting through chat excerpts" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26040", "datePublished": "2023-03-17T14:45:35.889Z", "dateReserved": "2023-02-17T22:44:03.149Z", "dateUpdated": "2024-08-02T11:39:06.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37458
Vulnerability from cvelistv5
Published
2022-09-02 11:28
Modified
2024-08-03 10:29
Summary
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
References
▼ | URL | Tags |
---|---|---|
https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure | x_refsource_MISC | |
https://github.com/discourse/discourse/tags | x_refsource_MISC | |
https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/tags" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-02T11:28:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/tags" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse through 2.8.7 allows admins to send invitations 
to arbitrary email addresses at an unlimited rate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure", "refsource": "MISC", "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure" }, { "name": "https://github.com/discourse/discourse/tags", "refsource": "MISC", "url": "https://github.com/discourse/discourse/tags" }, { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7", "refsource": "MISC", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37458", "datePublished": "2022-09-02T11:28:29", "dateReserved": "2022-08-07T00:00:00", "dateUpdated": "2024-08-03T10:29:21.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43814
Vulnerability from cvelistv5
Published
2023-10-16 21:09
Modified
2024-09-13 18:59
Summary
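Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version. Note: the CNA's affected-version entries in the record below list `stable <= 3.1.1` and `beta <= 3.2.0.beta2` as affected, which does not match the patched versions stated here; confirm the fixed release against the linked advisory before treating 3.1.1 or 3.2.0.beta2 as unaffected.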
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43814", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T18:58:33.367084Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:59:34.638Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c= 3.1.1" }, { "status": "affected", "version": "beta \u003c= 3.2.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. 
There is no workaround for this issue apart from upgrading to the fixed version.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T21:09:16.620Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw" } ], "source": { "advisory": "GHSA-3x57-846g-7qcw", "discovery": "UNKNOWN" }, "title": "Exposure of poll options and votes to unauthorized users in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-43814", "datePublished": "2023-10-16T21:09:16.620Z", "dateReserved": "2023-09-22T14:51:42.342Z", "dateUpdated": "2024-09-13T18:59:34.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41271
Vulnerability from cvelistv5
Published
2021-11-15 21:20
Modified
2024-08-04 03:08
Summary
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:08:31.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.10" }, { "status": "affected", "version": "\u003e= 2.8.0, \u003c 2.8.0.beta8" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-15T21:20:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" } ], "source": { "advisory": "GHSA-hf6r-mc9j-hf4p", "discovery": "UNKNOWN" }, "title": "Cache poisoning via maliciously-formed request in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41271", "STATE": "PUBLIC", "TITLE": "Cache poisoning via maliciously-formed request in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.10" }, { "version_value": "\u003e= 2.8.0, \u003c 2.8.0.beta8" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. 
This issue is patched in the latest stable, beta and tests-passed versions of Discourse." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf6r-mc9j-hf4p" }, { "name": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1" } ] }, "source": { "advisory": "GHSA-hf6r-mc9j-hf4p", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41271", "datePublished": "2021-11-15T21:20:11", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T03:08:31.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22739
Vulnerability from cvelistv5
Published
2023-01-26 08:45
Modified
2024-08-02 10:20
Summary
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.0.1" }, { "status": "affected", "version": "beta \u003c 3.1.0.beta2" }, { "status": "affected", "version": "tests-passed \u003c3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T08:45:37.676Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rqgr-g6v7-jcfc" } ], "source": { "advisory": "GHSA-rqgr-g6v7-jcfc", "discovery": "UNKNOWN" }, "title": "Discourse subject to Allocation of Resources Without Limits or Throttling" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22739", "datePublished": "2023-01-26T08:45:37.676Z", "dateReserved": "2023-01-06T14:21:05.892Z", "dateUpdated": "2024-08-02T10:20:30.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22455
Vulnerability from cvelistv5
Published
2023-01-05 20:02
Modified
2024-08-02 10:13
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9" }, { "name": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 3.0.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T20:02:40.608Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9" }, { "name": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2" } ], "source": { "advisory": "GHSA-5rq6-466r-6mr9", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Cross-site Scripting through tag descriptions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22455", "datePublished": "2023-01-05T20:02:40.608Z", "dateReserved": "2022-12-29T03:00:40.877Z", "dateUpdated": "2024-08-02T10:13:48.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38706
Vulnerability from cvelistv5
Published
2023-09-15 19:22
Modified
2024-09-24 18:20
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38706", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:05:13.291486Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:20:38.265Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.1.1" }, { "status": "affected", "version": "beta \u003c 3.2.0.beta1" }, { "status": "affected", "version": "tests-passed \u003c 3.2.0.beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:22:08.194Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8" } ], "source": { "advisory": "GHSA-7wpp-4pqg-gvp8", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS via drafts" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38706", "datePublished": "2023-09-15T19:22:08.194Z", "dateReserved": "2023-07-24T16:19:28.366Z", "dateUpdated": "2024-09-24T18:20:38.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52589
Vulnerability from cvelistv5
Published
2024-12-19 19:13
Modified
2024-12-20 20:01
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52589", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:01:12.594289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:01:32.479Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta2" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T19:13:51.333Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff" } ], "source": { "advisory": "GHSA-cqw6-rr3v-8fff", "discovery": "UNKNOWN" }, "title": "Moderators can view Screened emails even when the \u201cmoderators view emails\u201d option is disabled in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-52589", "datePublished": "2024-12-19T19:13:51.333Z", "dateReserved": "2024-11-14T15:05:46.767Z", "dateUpdated": "2024-12-20T20:01:32.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22454
Vulnerability from cvelistv5
Published
2023-01-05 19:58
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462" }, { "name": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 3.0.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the \"require moderator approval of all new topics\" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T19:58:36.355Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462" }, { "name": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12" } ], "source": { "advisory": "GHSA-ggq4-4qxc-c462", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Cross-site Scripting through pending post titles descriptions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22454", "datePublished": "2023-01-05T19:58:36.355Z", "dateReserved": "2022-12-29T03:00:40.877Z", "dateUpdated": "2024-08-02T10:13:48.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46177
Vulnerability from cvelistv5
Published
2023-01-05 19:48
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests a password reset link email and then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours` as needed. (Note: this sentence names 3.0.0.beta15, while the first sentence and the affected range in the record below give `< 3.0.0.beta16`; confirm the fixed beta version against the advisory referenced in the record before relying on beta15.)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3" }, { "name": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570" }, { "name": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.14" }, { "status": "affected", "version": "\u003e= 2.9.0.beta0, \u003c 3.0.0.beta16" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account\u0027s primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T19:48:05.483Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3" }, { "name": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570" }, { "name": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38" } ], "source": { "advisory": "GHSA-5www-jxvf-vrc3", "discovery": "UNKNOWN" }, "title": "Discourse password reset link can lead to in account takeover if user changes to a new email" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46177", "datePublished": "2023-01-05T19:48:05.483Z", "dateReserved": "2022-11-28T17:27:19.999Z", "dateUpdated": "2024-08-03T14:24:03.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21655
Vulnerability from cvelistv5
Published
2024-01-12 20:46
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.4" }, { "status": "affected", "version": "\u003e= 3.2.0beta1, \u003c 3.2.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T20:46:00.196Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx" } ], "source": { "advisory": "GHSA-m5fc-94mm-38fx", "discovery": "UNKNOWN" }, "title": "Insufficient control of custom field value sizes" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-21655", "datePublished": "2024-01-12T20:46:00.196Z", "dateReserved": "2023-12-29T16:10:20.366Z", "dateUpdated": "2024-08-01T22:27:36.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43793
Vulnerability from cvelistv5
Published
2021-12-01 19:40
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. In affected versions, a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:09.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 2.7.11" }, { "status": "affected", "version": "tests-passed \u003c 2.8.0.beta9" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. 
The problem is patched in the latest tests-passed, beta and stable versions of Discourse" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T19:40:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b" } ], "source": { "advisory": "GHSA-jq7h-44vc-h6qx", "discovery": "UNKNOWN" }, "title": "Bypass of Poll voting limits in Discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43793", "STATE": "PUBLIC", "TITLE": "Bypass of Poll voting limits in Discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c 2.7.11" }, { "version_value": "tests-passed \u003c 2.8.0.beta9" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269: Improper Privilege Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx" }, { "name": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab" }, { "name": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b" } ] }, "source": { "advisory": "GHSA-jq7h-44vc-h6qx", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43793", "datePublished": "2021-12-01T19:40:15", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:09.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39232
Vulnerability from cvelistv5
Published
2022-09-29 20:15
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5 | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/pull/18311 | x_refsource_MISC | |
https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:42.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/18311" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 2.9.0.beta5, \u003c 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won\u0027t break the app. As a workaround, the quote can be fixed via the rails console." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T20:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/18311" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530" } ], "source": { "advisory": "GHSA-cv64-v73f-7wq5", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to incomplete quote causing a topic to crash in the browser", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39232", "STATE": "PUBLIC", "TITLE": "Discourse vulnerable to incomplete quote causing a topic to crash in the browser" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003e= 2.9.0.beta5, \u003c 2.9.0.beta10" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. 
Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won\u0027t break the app. As a workaround, the quote can be fixed via the rails console." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5" }, { "name": "https://github.com/discourse/discourse/pull/18311", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/18311" }, { "name": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530" } ] }, "source": { "advisory": "GHSA-cv64-v73f-7wq5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39232", "datePublished": "2022-09-29T20:15:14", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:42.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24804
Vulnerability from cvelistv5
Published
2022-04-11 19:16
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To work around the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.8.3" }, { "status": "affected", "version": "\u003e= 2.9.0.beta1, \u003c 2.9.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category\u0027s permissions setting." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T19:16:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2" } ], "source": { "advisory": "GHSA-v4c9-6m9g-37ff", "discovery": "UNKNOWN" }, "title": "Private group name exposure in discourse", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24804", "STATE": "PUBLIC", "TITLE": "Private group name exposure in discourse" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.8.3" }, { "version_value": "\u003e= 2.9.0.beta1, \u003c 2.9.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. 
When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category\u0027s permissions setting." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff" }, { "name": "https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2" } ] }, "source": { "advisory": "GHSA-v4c9-6m9g-37ff", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24804", "datePublished": "2022-04-11T19:16:17", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23834
Vulnerability from cvelistv5
Published
2024-01-30 21:31
Modified
2024-10-17 17:59
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc" }, { "name": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000" }, { "name": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094" }, { "name": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-23834", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-31T15:57:17.107209Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T17:59:10.354Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.1.5" }, { "status": "affected", "version": "\u003e= 3.2.0.beta1, \u003c 3.2.0.beta5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is 
an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-30T21:31:35.617Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc" }, { "name": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000" }, { "name": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094", "tags": [ "x_refsource_MISC" ], "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094" }, { "name": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093", "tags": [ "x_refsource_MISC" ], "url": 
"https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093" } ], "source": { "advisory": "GHSA-rj3g-8q6p-63pc", "discovery": "UNKNOWN" }, "title": "Discourse improperly sanitized user input leads to XSS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23834", "datePublished": "2024-01-30T21:31:35.617Z", "dateReserved": "2024-01-22T22:23:54.340Z", "dateUpdated": "2024-10-17T17:59:10.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-53851
Vulnerability from cvelistv5
Published
2025-02-04 21:16
Modified
2025-02-04 21:40
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-49rv-574x-wgpc | x_refsource_CONFIRM | |
https://github.com/discourse/discourse/commit/416ec83ae57924d721e6e374f4cda78bd77a4599 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-53851", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:40:40.799536Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:40:59.102Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn\u0027t enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:16:42.089Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-49rv-574x-wgpc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-49rv-574x-wgpc" }, { "name": "https://github.com/discourse/discourse/commit/416ec83ae57924d721e6e374f4cda78bd77a4599", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/416ec83ae57924d721e6e374f4cda78bd77a4599" } ], "source": { "advisory": "GHSA-49rv-574x-wgpc", "discovery": "UNKNOWN" }, "title": "Partial denial of service via inline oneboxes in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-53851", "datePublished": "2025-02-04T21:16:42.089Z", "dateReserved": "2024-11-22T17:30:02.140Z", "dateUpdated": "2025-02-04T21:40:59.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55948
Vulnerability from cvelistv5
Published
2025-02-04 21:01
Modified
2025-02-04 21:23
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-2352-252q-qc82 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55948", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:23:13.063308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:23:21.326Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.3.2" }, { "status": "affected", "version": "tests-passed: \u003c 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:01:59.746Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-2352-252q-qc82", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-2352-252q-qc82" } ], "source": { "advisory": "GHSA-2352-252q-qc82", "discovery": "UNKNOWN" }, "title": "Anonymous cache poisoning via XHR requests in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55948", "datePublished": "2025-02-04T21:01:59.746Z", "dateReserved": "2024-12-13T17:39:32.960Z", "dateUpdated": "2025-02-04T21:23:21.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1020018
Vulnerability from cvelistv5
Published
2019-07-29 13:14
Modified
2024-08-05 03:14
Severity ?
EPSS score ?
Summary
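Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. (In the record below, the `affected` list carries the free-text entry "fixed in 2.4.0.beta3" with status "affected"; it marks the fix boundary stated here, not an affected release.)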
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:14:15.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Discourse", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c 2.3.0" }, { "status": "affected", "version": "2.4.0.beta1" }, { "status": "affected", "version": "2.4.0.beta2" }, { "status": "affected", "version": "fixed in 2.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link." } ], "problemTypes": [ { "descriptions": [ { "description": "lacks a confirmation screen", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T18:58:48", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1020018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Discourse", "version": { "version_data": [ { "version_value": "\u003c 2.3.0" }, { "version_value": "2.4.0.beta1" }, { "version_value": "2.4.0.beta2" }, { "version_value": "fixed in 2.4.0.beta3" } ] } } ] }, "vendor_name": "n/a" } ] 
} }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "lacks a confirmation screen" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a" }, { "name": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade" } ] } } } }, "cveMetadata": { "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1020018", "datePublished": "2019-07-29T13:14:16", "dateReserved": "2019-07-26T00:00:00", "dateUpdated": "2024-08-05T03:14:15.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52794
Vulnerability from cvelistv5
Published
2024-12-19 19:12
Modified
2024-12-20 20:42
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected; the record below titles the issue "Magnific lightbox susceptible to Cross-site Scripting in Discourse" and classifies it as CWE-79. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52794", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:42:12.882634Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:42:25.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T19:12:29.589Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9" } ], "source": { "advisory": "GHSA-m3v4-v2rp-hfm9", "discovery": "UNKNOWN" }, "title": "Magnific lightbox susceptible to Cross-site Scripting in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-52794", "datePublished": "2024-12-19T19:12:29.589Z", "dateReserved": "2024-11-15T17:11:13.439Z", "dateUpdated": "2024-12-20T20:42:25.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39356
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scoping them to individual email addresses.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:44.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/18817" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.8.9" }, { "status": "affected", "version": "\u003c= 2.9.0.beta10" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user\u0027s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278" }, { "url": "https://github.com/discourse/discourse/pull/18817" } ], "source": { "advisory": "GHSA-x8w7-rwmr-w278", "discovery": "UNKNOWN" }, "title": "Discourse user account takeover via email and invite link" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39356", "datePublished": "2022-11-02T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:44.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-22602
Vulnerability from cvelistv5
Published
2025-02-04 20:51
Modified
2025-02-12 14:03
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder HTML element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.
References
▼ | URL | Tags |
---|---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-694p-c5m3 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T14:03:21.228534Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T14:03:25.855Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.3" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users\u0027 browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T20:51:56.909Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-694p-c5m3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-694p-c5m3" } ], "source": { "advisory": "GHSA-jcjx-694p-c5m3", "discovery": "UNKNOWN" }, "title": "Stored DOM-based XSS (without CSP) via video placeholders in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-22602", "datePublished": "2025-02-04T20:51:56.909Z", "dateReserved": "2025-01-07T15:07:26.775Z", "dateUpdated": "2025-02-12T14:03:25.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37165
Vulnerability from cvelistv5
Published
2024-07-30 14:10
Modified
2024-08-02 03:50
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37165", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T15:43:02.418896Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T15:44:18.468Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:55.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9" }, { "name": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "name": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 3.2.3" }, { "status": "affected", "version": "\u003e= 3.3.0.beta1, \u003c 3.3.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. 
This vulnerability is fixed in 3.2.3 and 3.3.0.beta3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-30T14:14:29.632Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cx83-5p6x-9qh9" }, { "name": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd" }, { "name": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2" } ], "source": { "advisory": "GHSA-cx83-5p6x-9qh9", "discovery": "UNKNOWN" }, "title": "Discourse has an XSS via Onebox system" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37165", "datePublished": "2024-07-30T14:10:24.804Z", "dateReserved": "2024-06-03T17:29:38.330Z", "dateUpdated": "2024-08-02T03:50:55.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23616
Vulnerability from cvelistv5
Published
2023-01-27 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However, it is unlikely that this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/19993" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "3.1.0.beta1" }, { "lessThan": "3.0.1", "status": "affected", "version": "3.0.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-27T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/discourse/discourse/pull/19993" }, { "url": "https://github.com/discourse/discourse/commit/d5745d34c20c31a221039d8913f33064433003ea" }, { "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6xff-p329-9pgf" }, { "url": "https://github.com/discourse/discourse/commit/3e0cc4a5d9ef44ad902f6985d046ebb32f0a14ee" } ], "source": { "advisory": "GHSA-6xff-p329-9pgf", "defect": [ "GHSA-6xff-p329-9pgf" ], "discovery": "UNKNOWN" }, "title": "Discourse membership requests lack character limit", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23616", "datePublished": "2023-01-27T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25172
Vulnerability from cvelistv5
Published
2023-03-17 16:07
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable your site's CSP and/or restore it to the default one provided with Discourse.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/20008 | x_refsource_MISC |
| https://github.com/discourse/discourse/pull/20009 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:36.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp" }, { "name": "https://github.com/discourse/discourse/pull/20008", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20008" }, { "name": "https://github.com/discourse/discourse/pull/20009", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/20009" }, { "name": "https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915" }, { "name": "https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.0.1" }, { "status": "affected", "version": "beta \u003c 3.1.0.beta2" }, { "status": "affected", "version": "tests-passed \u003c 3.1.0.beta2" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user\u0027s full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). 
Discourse\u0027s default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site\u0027s CSP to the default one provided with Discourse." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T16:07:27.668Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-7pm2-prxw-wrvp" }, { "name": "https://github.com/discourse/discourse/pull/20008", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20008" }, { "name": "https://github.com/discourse/discourse/pull/20009", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/20009" }, { "name": "https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/1a5a6f66cb821ed29a737311d6fdc2eba5adc915" }, { "name": "https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/discourse/discourse/commit/c186a46910431020e8efc425dec2133e7a99fa9a" } ], "source": { "advisory": "GHSA-7pm2-prxw-wrvp", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to Cross-site Scripting - user name displayed on post" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25172", "datePublished": "2023-03-17T16:07:27.668Z", "dateReserved": "2023-02-03T16:59:18.247Z", "dateUpdated": "2024-08-02T11:18:36.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21677
Vulnerability from cvelistv5
Published
2022-01-14 16:45
Modified
2024-08-03 02:46
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group itself as well as for its members. By default, a newly created group has its visibility set to public and its members visibility set to public as well. However, a group's visibility and its members visibility can each be restricted to logged-in users, members of the group, or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group's visibility and members visibility levels. As such, a group with restricted visibility or restricted members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 of Discourse. There are no workarounds aside from upgrading.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27 | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:39.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c 2.7.13" }, { "status": "affected", "version": "\u003c 2.8.0.beta11" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group\u0027s members visibility set to public as well. However, a group\u0027s visibility and the group\u0027s members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group\u0027s visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T16:45:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44" } ], "source": { "advisory": "GHSA-768r-ppv4-5r27", "discovery": "UNKNOWN" }, "title": "Group advanced search option may leak group and group\u0027s members visibility ", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21677", "STATE": "PUBLIC", "TITLE": "Group advanced search option may leak group and group\u0027s members visibility " }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c 2.7.13" }, { "version_value": "\u003c 2.8.0.beta11" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. 
By default, a newly created group has its visibility set to public and the group\u0027s members visibility set to public as well. However, a group\u0027s visibility and the group\u0027s members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group\u0027s visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-768r-ppv4-5r27" }, { "name": "https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/fff8b98485561b12d070c0a8c39f4e503813ab44" } ] }, "source": { "advisory": "GHSA-768r-ppv4-5r27", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2022-21677", "datePublished": "2022-01-14T16:45:17", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23546
Vulnerability from cvelistv5
Published
2023-01-05 18:10
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available in version 2.9.0.beta15. There are no known workarounds for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f" }, { "name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "= 2.9.0.beta14" } ] } ], "descriptions": [ { "lang": "en", "value": "In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin\u0027s digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-05T18:10:08.048Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f" }, { "name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8" } ], "source": { "advisory": "GHSA-q9jp-xv4g-328f", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to private topic leak via email#send_digest" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23546", "datePublished": "2023-01-05T18:10:08.048Z", "dateReserved": "2022-01-19T21:23:53.798Z", "dateUpdated": "2024-08-03T03:43:46.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49765
Vulnerability from cvelistv5
Published
2024-12-19 19:15
Modified
2024-12-20 20:00
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Sites that are using Discourse Connect but still have local logins enabled could allow attackers to bypass Discourse Connect to create accounts and log in. This problem is patched in the latest version of Discourse (the affected-versions list in the record below marks `stable` <= 3.3.2 and `beta`/`tests-passed` <= 3.4.0.beta3 as affected). Users unable to upgrade who are using Discourse Connect may disable all other login methods as a workaround.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-v8rf-pvgm-xxf2 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49765", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:00:24.437096Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:00:41.125Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c= 3.3.2" }, { "status": "affected", "version": "beta: \u003c= 3.4.0.beta3" }, { "status": "affected", "version": "tests-passed: \u003c= 3.4.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T19:15:11.497Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-v8rf-pvgm-xxf2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v8rf-pvgm-xxf2" } ], "source": { "advisory": "GHSA-v8rf-pvgm-xxf2", "discovery": "UNKNOWN" }, "title": "Bypass of Discourse Connect using other login paths if enabled in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-49765", "datePublished": "2024-12-19T19:15:11.497Z", "dateReserved": "2024-10-18T13:43:23.456Z", "dateUpdated": "2024-12-20T20:00:41.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31060
Vulnerability from cvelistv5
Published
2022-06-14 20:15
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/pull/17071 | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:40.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/pull/17071" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 2.8.4" }, { "status": "affected", "version": "beta \u003c= 2.9.0.beta4" }, { "status": "affected", "version": "tests-passed \u003c= 2.9.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T20:15:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/pull/17071" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a" } ], "source": { "advisory": "GHSA-5f4f-35fx-gqhq", "discovery": "UNKNOWN" }, "title": "Banner topic data is exposed on login-required Discourse sites", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31060", "STATE": "PUBLIC", "TITLE": "Banner topic data is exposed on login-required Discourse sites" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "stable \u003c 2.8.4" }, { "version_value": "beta \u003c= 2.9.0.beta4" }, { "version_value": "tests-passed \u003c= 2.9.0.beta4" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open-source discussion platform. 
Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq" }, { "name": "https://github.com/discourse/discourse/pull/17071", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/17071" }, { "name": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a" } ] }, "source": { "advisory": "GHSA-5f4f-35fx-gqhq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31060", "datePublished": "2022-06-14T20:15:17", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:03:40.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32764
Vulnerability from cvelistv5
Published
2021-07-15 20:40
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
References
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003c= 2.7.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-15T20:40:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw" } ], "source": { "advisory": "GHSA-9x4c-29xg-56hw", "discovery": "UNKNOWN" }, "title": "YouTube Onebox susceptible to XSS", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32764", "STATE": "PUBLIC", "TITLE": "YouTube Onebox susceptible to XSS" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "discourse", "version": { "version_data": [ { "version_value": "\u003c= 2.7.5" } ] } } ] }, "vendor_name": "discourse" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse\u0027s default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. 
As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-9x4c-29xg-56hw" } ] }, "source": { "advisory": "GHSA-9x4c-29xg-56hw", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32764", "datePublished": "2021-07-15T20:40:13", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:56.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37906
Vulnerability from cvelistv5
Published
2023-07-28 15:13
Modified
2024-10-10 16:05
Severity ?
EPSS score ?
Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
References
URL | Tags |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c | x_refsource_CONFIRM |
https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c" }, { "name": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37906", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:33:08.186870Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:05:02.743Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "\u003e= 3.1.0.beta1, \u003c 3.1.0.beta7" }, { "status": "affected", "version": "\u003c 3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T15:13:46.848Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c" }, { "name": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a" } ], "source": { "advisory": "GHSA-pjv6-47x6-mx7c", "discovery": "UNKNOWN" }, "title": "Discourse vulnerable to DoS via post edit reason" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37906", "datePublished": "2023-07-28T15:13:46.848Z", "dateReserved": "2023-07-10T17:51:29.610Z", "dateUpdated": "2024-10-10T16:05:02.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30538
Vulnerability from cvelistv5
Published
2023-04-18 21:25
Modified
2025-02-06 16:33
Severity ?
EPSS score ?
Summary
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse (the record below lists `stable` < 3.0.3 and `beta` < 3.1.0.beta4 as affected). Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handling of uploads (and ensure the CDN sanitizes SVG files), or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default; by default, Discourse doesn't enable SVG uploads by users).
References
URL | Tags |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30538", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T16:33:06.431010Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:33:27.722Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable: \u003c 3.0.3" }, { "status": "affected", "version": "beta: \u003c 3.1.0.beta4" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users\u2019 browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn\u0027t enable SVG uploads by users). 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T21:25:58.848Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43" } ], "source": { "advisory": "GHSA-w5mv-4pjf-xj43", "discovery": "UNKNOWN" }, "title": "Stored Cross-site Scripting via improper sanitization of svg files in Discourse" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-30538", "datePublished": "2023-04-18T21:25:58.848Z", "dateReserved": "2023-04-12T15:19:33.766Z", "dateUpdated": "2025-02-06T16:33:27.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36113
Vulnerability from cvelistv5
Published
2024-07-03 19:07
Modified
2024-08-02 03:30
Severity ?
EPSS score ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T20:03:09.788623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T18:04:47.859Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g" }, { "name": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d" }, { "name": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "discourse", "vendor": "discourse", "versions": [ { "status": "affected", "version": "stable \u003c 3.2.3" }, { "status": "affected", "version": "tests-passed \u003c 3.3.0.beta4-dev" }, { "status": "affected", "version": "beta \u003c 3.3.0.beta3" } ] } ], "descriptions": [ { "lang": "en", "value": "Discourse is an open-source discussion platform. 
Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-03T19:07:27.133Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g" }, { "name": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d" }, { "name": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e" } ], "source": { "advisory": "GHSA-3w3f-76p7-3c4g", "discovery": "UNKNOWN" }, "title": "Discourse missing authorization checks for suspending admins/moderators" } }, "cveMetadata": { 
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-36113", "datePublished": "2024-07-03T19:07:27.133Z", "dateReserved": "2024-05-20T21:07:48.187Z", "dateUpdated": "2024-08-02T03:30:13.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }