Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 2.9.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-23548
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in...
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
6.5
CVSSv3
CVE-2022-23549
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are...
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
5.4
CVSSv3
CVE-2023-22468
Discourse is an open source platform for community discussion. Versions before 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attack...
Discourse Discourse
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
3.5
CVSSv3
CVE-2022-46168
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Mos...
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
5.5
CVSSv3
CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issu...
Discourse Discourse 2.9.0
Discourse Discourse
4.3
CVSSv3
CVE-2022-41921
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit ...
Discourse Discourse 2.9.0
Discourse Discourse
4.3
CVSSv3
CVE-2022-41944
Discourse is an open-source discussion platform. In stable versions before 2.8.12 and beta or tests-passed versions before 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topi...
Discourse Discourse 2.9.0
Discourse Discourse
8.8
CVSSv3
CVE-2022-39356
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest ver...
Discourse Discourse 2.9.0
Discourse Discourse
5.3
CVSSv3
CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge m...
Discourse Discourse 2.9.0
Discourse Discourse
6.5
CVSSv3
CVE-2022-39385
Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This ...
Discourse Discourse 2.9.0
Discourse Discourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »