Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36068
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The prob...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2023-25819
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Di...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2022-41944
Discourse is an open-source discussion platform. In stable versions before 2.8.12 and beta or tests-passed versions before 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topi...
Discourse Discourse 2.9.0
Discourse Discourse
445
VMScore
CVE-2022-24804
Discourse is an open source platform for community discussion. In stable versions before 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leake...
Discourse Discourse
Discourse Discourse 2.9.0
356
VMScore
CVE-2022-24850
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though th...
Discourse Discourse
Discourse Discourse 2.9.0
NA
CVE-2023-45131
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known ...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2023-45147
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discou...
Discourse Discourse
Discourse Discourse 3.2.0
445
VMScore
CVE-2020-24327
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Discourse Discourse 2.3.2
Discourse Discourse 2.6.0
NA
CVE-2023-22740
Discourse is an open source platform for community discussion. Versions before 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an exc...
Discourse Discourse
356
VMScore
CVE-2021-32788
Discourse is an open source discussion platform. In versions before 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants o...
Discourse Discourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »