Nattsw

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest version **Description** An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with Content Security Policy (CSP) disabled. **Recommendations** For versions prior to the latest version, upgrade to the latest version of Discourse. As a temporary workaround for users unable to upgrade, ensure CSP is enabled on the forum. Consider enabling a Content Security Policy (CSP) as a proactive measure after upgrading.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed version **Description** Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. **Recommendations** For all affected versions, upgrade to the latest stable, beta and tests-passed version of Discourse. There are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed version **Description** A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories, and/or groups. This issue has been patched in the latest stable, beta, and tests-passed version of Discourse. There are no known workarounds for this issue. **Recommendations** Upgrade to the latest stable, beta, or tests-passed version of Discourse to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to private sites, categories, and/or groups until the upgrade is complete. Avoid using encoded email addresses in the affected Discourse email handler until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest version **Description** Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. **Recommendations** Upgrade to the latest version of Discourse. As a temporary workaround, consider restricting the number of replies that can be fetched at once to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.2.5 Discourse versions prior to 3.3.0.beta5 **Description** The issue concerns crafting requests to submit very long tag group names, which can reduce the availability of a Discourse instance. **Recommendations** For versions prior to 3.2.5, update to version 3.2.5 to resolve the issue. For versions prior to 3.3.0.beta5, update to version 3.3.0.beta5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.2.3 **Description** Discourse is an open source platform for community discussion. In affected versions, by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. **Recommendations** For versions prior to 3.2.3, upgrade to stable version 3.2.3 or a current beta to address the issue. As a temporary workaround for users unable to upgrade, manually remove the long watched words either via SQL or Rails console.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Discourse versions prior to 3.3.0.beta4-dev **Description** A rogue staff user could suspend other staff users, preventing them from logging in to the site. **Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later. For versions prior to 3.3.0.beta3, update to version 3.3.0.beta3 or later. For versions prior to 3.3.0.beta4-dev, update to version 3.3.0.beta4-dev or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches **Description** The issue affects moderators using the review queue, allowing them to see a user's email address even when the setting to allow moderators to view email addresses is disabled. **Recommendations** For versions prior to 3.2.3 on the stable branch, update to version 3.2.3 or later. For versions prior to 3.3.0.beta4 on the beta and tests-passed branches, update to version 3.3.0.beta4 or later. As a temporary workaround, consider preventing moderators from accessing the review queue. Alternatively, disable the `approve suspect users` site setting and the `must approve users` site setting to prevent users from being added to the review queue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed version **Description** The issue allows an attacker to discover the existence of secret categories when they have backgrounds set. This is a problem in an open source platform for community discussion. Users unable to upgrade should temporarily remove category backgrounds. **Recommendations** For versions prior to the latest stable, beta and tests-passed version, upgrade to the latest version. As a temporary workaround, consider removing category backgrounds until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest version **Description** The issue affects Discourse, an open source platform for community discussion. Users allowed to invite others can inject arbitrarily large data in parameters used in the invite route. **Recommendations** For versions prior to the latest version, upgrade to the latest version. As a temporary workaround for users unable to upgrade, consider disabling invites or restrict access to them using the `invite allowed groups` site setting.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed version **Description** The issue affects Discourse, an open source platform for community discussion, due to the lack of a rate limit on the "POST /uploads" endpoint. This makes it easier for an attacker to carry out a denial-of-service (DoS) attack on the server, as creating an upload can be a resource-intensive process. The impact varies from site to site, depending on site settings such as `max image size kb`, `max attachment size kb`, and `max image megapixels`, which determine the amount of resources used when creating an upload. **Recommendations** For versions prior to the latest stable, beta and tests-passed version, upgrade to the latest version to resolve the issue. As a temporary workaround, consider reducing `max image size kb`, `max attachment size kb`, and `max image megapixels` to minimize the resources required for upload processing. Alternatively, reduce `client max body size` in Nginx to prevent large uploads from reaching the server.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed version **Description** The issue allows an attacker to discover the existence of a secret subcategory under a public category with no public subcategories. There are no known workarounds for this issue. **Recommendations** Upgrade to the latest stable, beta and tests-passed version of Discourse.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta, and tests-passed versions **Description** The issue affects the endpoints for suspending users, silencing users, and exporting CSV files, which do not enforce limits on the sizes of the parameters they accept. This could lead to excessive resource consumption, rendering an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. **Recommendations** Upgrade to the latest stable, beta, or tests-passed version of Discourse to resolve the issue. As a temporary workaround, consider restricting access to the endpoints for suspending users, silencing users, and exporting CSV files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed versions **Description** Discourse is an open source platform for community discussion. In affected versions, a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear cache!` and `#notify changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. **Recommendations** For all affected versions of Discourse, upgrade to the latest stable, beta, or tests-passed version to resolve the issue. As a temporary workaround, consider restricting administrative access to trusted users only until the upgrade can be applied.

**Name of the Vulnerable Software and Affected Versions** discourse-chat versions prior to 0.9 **Description** The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them. **Recommendations** For versions prior to 0.9, upgrade to version 0.9 to address the issue. At the moment, there is no other information about additional mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.3 Discourse beta versions prior to 2.9.0.beta4 **Description** The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted visibility is used to set the permissions of a category, the name of the group is leaked to any user who can see the category. **Recommendations** For versions prior to 2.8.3, a site administrator can remove groups with restricted visibility from any category's permissions setting as a workaround. For beta versions prior to 2.9.0.beta4, a site administrator can remove groups with restricted visibility from any category's permissions setting as a workaround.