Jarek Radosz

5 exploits Active since Sep 2022
CVE-2022-23549 WRITEUP MEDIUM WRITEUP
Discourse < 2.8.14 - Input Validation Bypass via HTML Comments
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
CVSS 5.7
CVE-2022-36066 WRITEUP CRITICAL WRITEUP
Discourse <2.8.9-2.9.0.beta10 - RCE
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVSS 9.1
CVE-2022-36068 WRITEUP HIGH WRITEUP
Discourse <2.8.9-2.9.0.beta10 - Privilege Escalation
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVSS 7.2
CVE-2022-39232 WRITEUP MEDIUM WRITEUP
Discourse 2.9.0.beta5-2.9.0.beta10 - Denial of Service via Incomplete Quote Handling
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
CVSS 6.5
CVE-2022-39270 WRITEUP MEDIUM WRITEUP
discourse/discotoc < 2.1.0 - Authenticated Stored Cross-Site Scripting via Topic Creation
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component.
CVSS 5.4