cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55948,https://securityvulnerability.io/vulnerability/CVE-2024-55948,XSRF Vulnerability in Discourse Community Forum Software,"An identified vulnerability in the Discourse platform allows for the potential exploitation via crafted XHR requests that can poison the anonymous cache. This issue specifically affects anonymous visitors, leading to responses that might lack essential preloaded data. Despite its impact, the situation can be mitigated by upgrading to the latest version of Discourse. For users unable to implement the update, a temporary fix is to disable the anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. For more details, refer to the official advisory.",Discourse,Discourse,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T21:01:59.746Z,0
CVE-2025-23023,https://securityvulnerability.io/vulnerability/CVE-2025-23023,Cache Poisoning Vulnerability in Discourse by Discourse,"In Discourse, a widely used open-source community discussion platform, a cache poisoning vulnerability allows an attacker to craft malicious requests aimed at manipulating the anonymous cache. This manipulation can lead to responses that lack essential preloaded data, affecting the experience of anonymous visitors. To mitigate this issue, users are strongly encouraged to update to the latest version of Discourse. For those unable to perform the upgrade, it is advisable to disable the anonymous cache by configuring the `DISCOURSE_DISABLE_ANON_CACHE` environment variable appropriately.",Discourse,Discourse,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T20:48:53.343Z,0
CVE-2024-54142,https://securityvulnerability.io/vulnerability/CVE-2024-54142,HTML Entity Exposure in Discourse AI Plugin by Discourse,"The Discourse AI plugin introduces a vulnerability that could potentially expose HTML entities present in conversations when shared in posts. If a user visits a post featuring a onebox linked to a conversation, these HTML entities may inadvertently leak into the Discourse application. The issue has been mitigated in a recent commit, and users are strongly encouraged to update their installations. For those unable to update, it is recommended to modify the 'ai bot public sharing allowed groups' site setting to prevent such leakage.",Discourse,Discourse-ai,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T23:15:00.000Z,0
CVE-2024-47773,https://securityvulnerability.io/vulnerability/CVE-2024-47773,Anonymous Cache Poisoning Vulnerability in Discourse Affects Only Anonymous Visitors,"A vulnerability exists in the Discourse platform, an open-source solution for community discussions, allowing attackers to exploit a cache poisoning issue. This vulnerability primarily affects anonymous visitors who may encounter manipulated responses due to repeatedly made XHR requests. Once attacked, the cache can deliver unauthorized content, compromising the integrity of user interactions. The issue has been addressed in the latest version of Discourse, and users are strongly encouraged to upgrade. Those who cannot upgrade should disable the anonymous cache by configuring the `DISCOURSE_DISABLE_ANON_CACHE` environment variable accordingly.",Discourse,Discourse,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T18:01:14.063Z,0
CVE-2024-45051,https://securityvulnerability.io/vulnerability/CVE-2024-45051,Attackers Can Bypass Domain-Based Restrictions in Discourse Due to Recent Vulnerability,"A critical vulnerability exists in Discourse, an open-source platform for community discussion, which allows an attacker to utilize a crafted email address to circumvent domain-based restrictions. This exploitation enables unauthorized access to private sites, categories, and groups within the platform. The issue has been addressed in the latest versions of Discourse, and all users are strongly urged to upgrade as there are no existing workarounds. Ensuring that your Discourse installation is up-to-date is essential for maintaining security.",Discourse,Discourse,8.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-07T21:15:00.000Z,0
CVE-2024-37299,https://securityvulnerability.io/vulnerability/CVE-2024-37299,Discourse vulnerability affects very long tag group names,"A vulnerability in the Discourse discussion platform allows attackers to craft specific requests that submit excessively long tag group names. This can lead to a reduction in the availability of Discourse instances, impacting users and administrators. The issue has been addressed in versions 3.2.5 and 3.3.0.beta5, enhancing the platform's resilience against potential disruptions caused by input validation flaws.",Discourse,Discourse,7.5,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-07-30T14:22:36.367Z,0
CVE-2024-35227,https://securityvulnerability.io/vulnerability/CVE-2024-35227,Carefully crafted malicious URL can reduce Discourse instance availability,"A vulnerability exists in the Discourse open-source discussion platform where the Oneboxing feature can be exploited using a carefully crafted malicious URL. This may lead to reduced availability of the Discourse instance. The vulnerability impacts versions prior to 3.2.3 on the stable branch and 3.3.0.beta3 on the tests-passed branch. Users are advised to upgrade to the specified patched versions, as there are currently no workarounds available to mitigate this issue.",Discourse,Discourse,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-03T18:15:00.000Z,0
CVE-2024-23654,https://securityvulnerability.io/vulnerability/CVE-2024-23654,Admin-Initiated SSRF Attacks Vulnerability in Discourse-AI Plugin,"The Discourse AI plugin for the Discourse platform has a vulnerability that allows unauthorized admin-initiated Server-Side Request Forgery (SSRF) attacks. This vulnerability arises from interactions with various AI services, exposing the system to potential exploitation. Versions of the plugin affected by this issue have been addressed in later commits, specifically after commit 94ba0dadc2cf38e8f81c3936974c167219878edd, which contains the necessary patch. For immediate remediation, users can temporarily disable the discourse-ai plugin.",discourse,discourse-ai,7.2,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-21T20:28:12.939Z,0
CVE-2023-46241,https://securityvulnerability.io/vulnerability/CVE-2023-46241,Discourse Plugin Vulnerability Affects Microsoft Authentication,"The `discourse-microsoft-auth` plugin, designed for Microsoft-based user authentication on Discourse platforms, contains a vulnerability that may expose user accounts to unauthorized control. This issue arises when sites are configured with account types beyond `Accounts in this organizational directory only (O365 only - Single tenant)`. Attackers may exploit this configuration to manipulate user accounts, potentially compromising sensitive information. Affected sites are advised to apply the patch available in commit c40665f44509724b64938c85def9fb2e79f62ec8, which includes a new `microsoft_auth:revoke` rake task. This task not only logs out affected users but also revokes their API keys and disconnects their accounts from Microsoft. Administrators can temporarily mitigate risk by disabling the plugin until the patch is fully implemented.",Discourse,Discourse-microsoft-auth,8.1,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-02-21T16:08:41.494Z,0
CVE-2023-48297,https://securityvulnerability.io/vulnerability/CVE-2023-48297,Discourse vulnerable to unlimited mentioned users in message serializer,"A vulnerability has been identified in Discourse, a platform designed for community discussions, specifically related to its message serialization functionality. The issue arises when the system processes chat mentions like @all and @here, which can lead to a significantly long array of users being included. This has the potential to create performance issues or exploitative scenarios within the application. The vulnerability has been addressed in the updates provided in versions 3.1.4 and beta 3.2.0.beta5.",discourse,discourse,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2024-01-12T20:35:02.394Z,0
CVE-2023-47121,https://securityvulnerability.io/vulnerability/CVE-2023-47121,Discourse SSRF vulnerability in Embedding,"The Discourse platform, a widely used open-source solution for online community discussions, has a vulnerability in its embedding feature that allows for server side request forgery prior to specific version releases. This can potentially allow attackers to send requests from the server and access sensitive internal resources. Users are advised to upgrade to version 3.1.3 of the stable branch or version 3.2.0.beta3 of the beta and tests-passed branches to mitigate this risk. Alternatively, disabling the embedding feature serves as a temporary workaround.",discourse,discourse,9.8,CRITICAL,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-11-10T16:15:00.000Z,0
CVE-2023-47120,https://securityvulnerability.io/vulnerability/CVE-2023-47120,Discourse DoS through Onebox favicon URL,"Discourse, an open-source community discussion platform, is affected by a memory depletion vulnerability that occurs when a site allows the use of excessively long favicon URLs in crafted posts. This issue can lead to significant Redis memory depletion, especially when multiple posts are drafted referencing such URLs. The vulnerability is present in the 'stable' branch versions 3.1.0 through 3.1.2 and 'beta' branch versions 3.1.0-beta6 through 3.2.0-beta2. The recommended mitigation is to upgrade to version 3.1.3 in the stable branch or 3.2.0.beta3 in the beta branches, as no workarounds are available to address the issue.",Discourse,Discourse,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-11-10T16:15:00.000Z,0
CVE-2023-43659,https://securityvulnerability.io/vulnerability/CVE-2023-43659,Cross-site Scripting via email preview when CSP disabled in Discourse,"An improper escaping of user input within the digest email preview UI of the Discourse community platform poses a vulnerability that can be exploited for Cross-site Scripting (XSS) attacks. This issue specifically impacts installations where Content Security Policy (CSP) is disabled. To mitigate the risk, users are encouraged to upgrade to the patched versions, namely Discourse 3.1.1 or Discourse 3.2.0.beta1. For users unable to perform an upgrade, enabling CSP on forums is essential for enhancing security.",Discourse,Discourse,8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-10-16T22:15:00.000Z,0
CVE-2023-45131,https://securityvulnerability.io/vulnerability/CVE-2023-45131,Unauthenticated access to new private chat messages in Discourse,"An issue has been identified in the Discourse platform that allows attackers to read new chat messages by executing unauthenticated POST requests to the MessageBus. This vulnerability poses a significant risk as it enables unauthorized individuals to intercept community discussions. Users are strongly encouraged to update to versions 3.1.1 or 3.2.0.beta2, where this issue has been resolved, as there are currently no workarounds available.",Discourse,Discourse,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-10-16T22:15:00.000Z,0
CVE-2023-44388,https://securityvulnerability.io/vulnerability/CVE-2023-44388,Malicious requests can fill up the log files resulting in a denial of service in Discourse,"A vulnerability in the Discourse open source platform allows a malicious request to rapidly fill production log files, potentially leading to server disk space exhaustion. This situation can disrupt service availability for users. Administrators can mitigate this issue by updating to the patched versions 3.1.1 or 3.2.0.beta2, or by temporarily reducing the 'client_max_body_size' directive in their nginx configuration to limit the size of upload requests. For detailed mitigation strategies, consult the linked resources.",Discourse,Discourse,7.5,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-10-16T22:15:00.000Z,0
CVE-2023-43658,https://securityvulnerability.io/vulnerability/CVE-2023-43658,Improper escaping of user input in discourse-calendar,"The Discourse Calendar plugin for Discourse messaging platform is susceptible to Cross-site Scripting (XSS) due to improper escaping of event titles in the email preview interface, especially when Content Security Policy (CSP) is disabled. Although this typically affects a minority of users as CSP is not a default setting, it is crucial for site administrators to upgrade to the latest version of the plugin to mitigate potential risks. For those unable to perform an upgrade, enabling CSP on their forums is strongly advised to enhance security. Further details and patches can be accessed through the provided source links.",Discourse,Discourse-calendar,8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-10-16T22:15:00.000Z,0
CVE-2023-43657,https://securityvulnerability.io/vulnerability/CVE-2023-43657,Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration,"The discourse-encrypt plugin for Discourse has a defect related to improper escaping of encrypted topic titles. This issue can result in a cross site scripting (XSS) vulnerability when the site's Content Security Policy (CSP) headers are not enabled. Although this scenario occurs under a non-default condition, the presence of CSP headers is crucial for reducing risk. To address this vulnerability, users are encouraged to update the discourse-encrypt plugin to the latest version as indicated in commit `9c75810af9`. For users unable to perform the update, enabling and appropriately configuring CSP headers is strongly recommended.",Discourse,Discourse-encrypt,7.2,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-09-28T19:15:00.000Z,0
CVE-2023-28112,https://securityvulnerability.io/vulnerability/CVE-2023-28112,Discourse's SSRF protection missing for some FastImage requests,A vulnerability exists in the Discourse open-source discussion platform where user-provided URLs are passed to FastImage without adequate SSRF protections. This flaw permits attackers to establish outbound network connections from the Discourse server to private IP addresses. Sites operating on `tests-passed` or `beta` branches prior to version 3.1.0.beta3 are at risk. There is no known workaround for this issue; those who are affected are advised to update to the patched version immediately.,discourse,discourse,8.1,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-03-17T19:15:00.000Z,0
CVE-2023-28111,https://securityvulnerability.io/vulnerability/CVE-2023-28111,Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses,"The Discourse platform contains a server-side request forgery (SSRF) vulnerability that allows attackers to bypass security restrictions for private IPv4 addresses by using IPv4-mapped IPv6 addresses. This vulnerability affects versions prior to 3.1.0.beta3 on the beta and tests-passed branches. Users are encouraged to upgrade to the patched versions immediately to safeguard their systems against potential exploitation. As of now, there are no known workarounds for this issue.",discourse,discourse,7.5,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2023-03-17T17:15:00.000Z,0
CVE-2023-23621,https://securityvulnerability.io/vulnerability/CVE-2023-23621,Discourse vulnerable to ReDoS in user agent parsing,"Discourse, the open-source discussion platform, is affected by a vulnerability that permits a malicious individual to exploit the system through a specially crafted user agent, leading to a regular expression denial of service. This vulnerability impacts versions before 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches. The flaw has been patched in the specified versions, ensuring the platform's security against this type of attack, which can degrade service availability.",discourse,discourse,7.5,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2023-01-28T00:15:00.000Z,0
CVE-2022-46177,https://securityvulnerability.io/vulnerability/CVE-2022-46177,Discourse password reset link can lead to account takeover if user changes to a new email,"The Discourse platform contains a security flaw where a user can request a password reset link while changing their primary email address. If the user utilizes the old email for resetting their password, this could lead to a scenario where their account is re-linked to the old email, making it vulnerable to an account takeover if that old email is compromised. This issue affects versions prior to 2.8.14 on the stable branch and 3.0.0.beta16 on beta branches. Users are advised to upgrade to secure versions to mitigate this risk, or alternatively, reduce the `email_token_valid_hours` setting, currently set to 48 hours, as a temporary workaround.",discourse,discourse,8.1,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-01-05T19:48:05.483Z,0
CVE-2022-46162,https://securityvulnerability.io/vulnerability/CVE-2022-46162,Discourse BBCode plugin vulnerable to arbitrary CSS injection,"discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.",Discourse,Discourse-bbcode,8.8,HIGH,0.002420000033453107,false,,false,false,false,,,false,false,,2022-11-30T00:00:00.000Z,0
CVE-2022-46148,https://securityvulnerability.io/vulnerability/CVE-2022-46148,Discourse allows self-XSS through malicious composer message,"Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.",Discourse,Discourse,7.1,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-11-29T00:00:00.000Z,0
CVE-2022-39241,https://securityvulnerability.io/vulnerability/CVE-2022-39241,Possible Server-Side Request Forgery (SSRF) in webhooks,"Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `tests-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.",Discourse,Discourse,7.6,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-39356,https://securityvulnerability.io/vulnerability/CVE-2022-39356,Discourse user account takeover via email and invite link,Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scoping them to individual email addresses.,Discourse,Discourse,8.9,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0