Lowjomaxropublished

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the `beta` and `tests-passed` branches **Description** Discourse is an open source platform for community discussion. There is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable security has changed, making it so the user can no longer access the underlying resource. **Recommendations** For versions prior to 3.1.3, update to version 3.1.3 or later of the `stable` branch. For version 3.2.0.beta3 and earlier of the `beta` and `tests-passed` branches, update to version 3.2.0.beta3 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.0.4 Discourse version 3.1.0.beta5 and earlier in the `beta` and `tests-passed` branches **Description** Discourse is an open source discussion platform. Multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later. For version 3.1.0.beta5 and earlier in the `beta` and `tests-passed` branches, update to version 3.1.0.beta5 or later. As a temporary workaround, consider disabling topic embedding if it has been enabled.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.9.0.beta13 **Description** Discourse is an open-source discussion platform. The issue allows users to post chat messages of an unlimited length, which can cause a denial of service for other users when huge amounts of text are posted. **Recommendations** For versions prior to 2.9.0.beta13, users should upgrade to version 2.9.0.beta13, where a limit on chat message length has been introduced to prevent the denial of service issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.12 Discourse versions prior to 2.9.0.beta13 **Description** Discourse is an open-source discussion platform. Under certain conditions, a user can see notifications for topics they no longer have access to, potentially exposing sensitive information in the topic title. **Recommendations** For versions prior to 2.8.12, update to version 2.8.12 or later. For versions prior to 2.9.0.beta13, update to version 2.9.0.beta13 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.8 **Description** The issue allows administrators to send invitations to arbitrary email addresses at an unlimited rate. **Recommendations** For versions prior to 2.8.8, update to version 2.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.4 in the stable branch Discourse versions prior to 2.9.0.beta5 in the beta and tests-passed branches **Description** Discourse is an open-source discussion platform. Prior to the fixed versions, banner topic data is exposed on login-required sites. As a workaround, one may disable banners. **Recommendations** For versions prior to 2.8.4 in the stable branch, update to version 2.8.4 or later. For versions prior to 2.9.0.beta5 in the beta and tests-passed branches, update to version 2.9.0.beta5 or later. As a temporary workaround, consider disabling banners until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Discourse versions 2.8.2 and prior in the `stable` branch Discourse versions 2.9.0.beta3 and prior in the `beta` branch Discourse versions 2.9.0.beta3 and prior in the `tests-passed` branch **Description** Discourse is an open source discussion platform. Users can request an export of their own activity, which may sometimes include the name of a secure category due to category settings, potentially leading to a data leak. This can occur when a user has category membership for a secure category or when their post has been moved to a secure category. **Recommendations** For versions 2.8.2 and prior in the `stable` branch, update to a version that includes the patch available in the `main` branch of Discourse's GitHub repository. For versions 2.9.0.beta3 and prior in the `beta` branch, update to a version that includes the patch available in the `main` branch of Discourse's GitHub repository. For versions 2.9.0.beta3 and prior in the `tests-passed` branch, update to a version that includes the patch available in the `main` branch of Discourse's GitHub repository.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.0.beta11 in the tests-passed branch Discourse versions prior to 2.8.0.beta11 in the beta branch Discourse versions prior to 2.7.13 in the stable branch **Description** The bios of users who made their profiles private were still visible in the <meta> tags on their users' pages. **Recommendations** For versions prior to 2.8.0.beta11 in the tests-passed branch, update to version 2.8.0.beta11. For versions prior to 2.8.0.beta11 in the beta branch, update to version 2.8.0.beta11. For versions prior to 2.7.13 in the stable branch, update to version 2.7.13.

Name of the Vulnerable Software and Affected Versions: Discourse (affected versions not specified) Description: A vulnerability in the Polls feature of Discourse allowed users to vote multiple times in a single-option poll. The issue is related to the `Polls` feature, but specific details about exploitation, such as API endpoints or vulnerable parameters, are not provided. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.