Latest Discourse Vulnerabilities

Discourse improperly sanitized user input leads to XSS
Discourse Discourse<3.1.5
Discourse Discourse<3.2.0
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse Discourse=3.2.0-beta3
Discourse Discourse=3.2.0-beta4
Discourse secure uploads accessible to guests even when login is required
Discourse Discourse<3.1.4
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse Discourse=3.2.0-beta3
Insufficient control of custom field value sizes
Discourse Discourse<3.1.4
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse Discourse=3.2.0-beta3
Discourse vulnerable to unlimited mentioned users in message serializer
Discourse Discourse<3.1.4
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse Discourse=3.2.0-beta3
Discourse SSRF vulnerability in Embedding
Discourse Discourse<3.1.3
Discourse Discourse<3.2.0
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse DoS through Onebox favicon URL
Discourse Discourse>=3.1.0<3.1.3
Discourse Discourse=3.1.0-beta6
Discourse Discourse=3.1.0-beta7
Discourse Discourse=3.1.0-beta8
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
HTML injection in oneboxed links
Discourse Discourse<3.1.3
Discourse Discourse<3.2.0
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse vulnerable to DoS via Regexp Injection in Full Name
Discourse Discourse<3.1.3
Discourse Discourse<3.2.0
Discourse Discourse=3.2.0-beta1
Discourse Discourse=3.2.0-beta2
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in...
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in...
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites w...
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2....
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This probl...
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins ...
Discourse Discourse<=3.1.1
Discourse Discourse=3.2.0-beta1
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or se...
Discourse Discourse<3.1.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 208 more
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extreme...
Discourse Discourse<3.1.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 208 more
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their a...
Discourse Discourse<3.1.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 208 more
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimit...
Discourse Discourse<3.1.0
Discourse Discourse<=3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse Discourse=3.1.0-beta5
and 3 more
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer...
Discourse Discourse<3.0.6
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 206 more
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discou...
Discourse Discourse<3.0.6
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 206 more
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibilit...
Discourse Discourse<3.0.6
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 206 more
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a ...
Discourse Discourse<3.0.6
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 206 more
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be cre...
Discourse Discourse<3.0.6
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 206 more
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could ...
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
Discourse Discourse=1.1.0-beta6
and 205 more
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis...
Discourse Discourse<3.0.5
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 204 more
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d...
Discourse Discourse=3.1.0-beta5
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the momen...
Discourse Discourse<3.0.5
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 204 more
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame...
Discourse Discourse<3.0.4
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse Discourse=3.1.0-beta4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general c...
Discourse Discourse<3.0.4
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse Discourse=3.1.0-beta4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics d...
Discourse Discourse<3.0.4
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse Discourse=3.1.0-beta4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be cre...
Discourse Discourse<3.0.4
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse Discourse=3.1.0-beta4
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and...
Discourse Discourse<=3.0.1
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted...
Discourse Discourse<=3.0.2
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and th...
Discourse Discourse<3.0.3
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse Discourse=3.1.0-beta3
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout...
Discourse Discourse<3.0.3
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 204 more
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection....
Discourse Discourse<3.1.0
Discourse Discourse<=3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged in as an administrator can ...
Discourse Discourse<=3.0.1
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be inclu...
Discourse Discourse<3.0.1
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) pro...
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a ta...
Discourse Discourse<3.0.0
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 201 more
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could l...
Discourse Discourse=3.1.0-beta2
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal m...
Discourse Discourse<3.0.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 202 more
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta...
Discourse Discourse<3.1.0
Discourse Discourse=3.1.0-beta1
Discourse Discourse=3.1.0-beta2
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the ...
Discourse Discourse<3.0.1
Discourse Discourse=3.1.0-beta1
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is...
Discourse Discourse<3.0.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 202 more
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param...
Discourse Discourse<3.0.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 202 more
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restrict...
Discourse Discourse<3.0.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 202 more
Discourse Discourse<3.0.1
Discourse Discourse=1.1.0-beta1
Discourse Discourse=1.1.0-beta2
Discourse Discourse=1.1.0-beta3
Discourse Discourse=1.1.0-beta4
Discourse Discourse=1.1.0-beta5
and 202 more
Discourse Discourse<3.0.1
Discourse Discourse=3.1.0-beta1
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciou...
Discourse Discourse<2.8.13
Discourse Discourse=2.9.0-beta1
Discourse Discourse=2.9.0-beta10
Discourse Discourse=2.9.0-beta11
Discourse Discourse=2.9.0-beta12
Discourse Discourse=2.9.0-beta13
and 10 more

© 2024 SecAlerts Pty Ltd.