Blake Erickson

15 exploits Active since Jun 2022
CVE-2024-36122 WRITEUP LOW WRITEUP
Discourse < 3.2.3 and < 3.3.0.beta4 - Unauthorized Email Exposure in Review Queue
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue.
CVSS 2.4
CVE-2024-37299 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Denial of Service via Long Tag Group Name
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 4.9
CVE-2024-39320 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 6.1
CVE-2022-31059 WRITEUP MEDIUM WRITEUP
discourse_calendar < 1.0.1 - Cross-Site Scripting in Event Name Rendering
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
CVSS 6.5
CVE-2022-31060 WRITEUP MEDIUM WRITEUP
Discourse <2.8.4-2.9.0.beta5 - Info Disclosure
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.
CVSS 5.3
CVE-2022-46162 WRITEUP HIGH WRITEUP
Discourse BBCode <91478f5 - Code Injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.
CVSS 8.8
CVE-2023-23624 WRITEUP MEDIUM WRITEUP
Discourse < 3.0.1 - Unauthorized Exposure of Sensitive Information via Exclude Tag Parameter
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
CVSS 4.3
CVE-2023-26040 WRITEUP MEDIUM WRITEUP
Discourse 3.1.0.beta2-3.1.0.beta3 - Stored Cross-Site Scripting via Chat Message Editing
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.
CVSS 6.5
CVE-2023-30611 WRITEUP MEDIUM WRITEUP
Discourse Reactions - Exposure of Sensitive Information via Private Topic Reaction Data Leak
Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.
CVSS 4.3
CVE-2023-36818 WRITEUP MEDIUM WRITEUP
Discourse - Denial of Service via Custom Sidebar Section Update
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.5
CVE-2023-37904 WRITEUP LOW WRITEUP
Discourse < 3.0.6 - Race Condition in Invite Link User Creation
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.
CVSS 2.6
CVE-2024-36122 WRITEUP LOW WRITEUP
Discourse < 3.2.3 and < 3.3.0.beta4 - Unauthorized Email Exposure in Review Queue
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue.
CVSS 2.4
CVE-2024-37299 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Denial of Service via Long Tag Group Name
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 4.9
CVE-2024-39320 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 6.1
CVE-2025-47288 WRITEUP LOW WRITEUP
Discourse Policy <0.1.1 - Info Disclosure
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
CVSS 3.5