Tgxworld

**Name of the Vulnerable Software and Affected Versions** Discourse versions 3.5.0 and below **Description** Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with multiple sites, this could allow an administrator of one site to gain access to data or credentials from other sites. **Recommendations** Update to version 3.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions 3.5.0 and below **Description** Discourse, an open-source community discussion platform, had an issue where authenticated users could access information about topics they were not authorized to view. This occurred through the AI suggestion endpoints for topic “Title”, “Category”, and “Tags”. By modifying the `topic id` value in API requests to these endpoints, users could target specific restricted topics. The AI model’s responses then disclosed information that the authenticated user shouldn’t have access to. The affected API endpoints are used for AI suggestions related to topics. **Recommendations** Update to version 3.5.1 or later. Restrict group access to the AI helper feature through the "composer ai helper allowed groups" and "post ai helper allowed groups" site settings.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.5.1 **Description** Discourse, an open-source community discussion platform, is affected by a cross-site scripting (XSS) issue. The issue stems from how the platform parses and renders chat channel titles and chat thread titles using the quote message functionality with the rich text editor. This allows for the execution of malicious scripts through crafted titles. **Recommendations** Update to version 3.5.1 or later.

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta8 Description: Discourse, an open-source discussion platform, contains a cross-site scripting (XSS) issue in the welcome banner user name string for logged-in users. This can affect the user or an administrator impersonating them. Recommendations: Update to version 3.5.0.beta8 or later. As a temporary workaround, administrators can alter the welcome banner.header.logged in members site text to remove the `preferred display name` placeholder. Administrators can avoid impersonating any users for the time being.

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.6 Discourse versions prior to 3.5.0.beta8-dev Description: Discourse is an open-source discussion platform where the visibility of posts typed `whisper` is controlled via the `whispers allowed groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users can continue to see their own whispers even after losing visibility of posts typed `whisper`. Recommendations: For versions prior to 3.4.6, update to version 3.4.6 or later. For versions prior to 3.5.0.beta8-dev, update to version 3.5.0.beta8-dev or later.

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta6 Description: The issue is related to cross-site scripting when the content security policy is not enabled, specifically when using social logins. Recommendations: For versions prior to 3.5.0.beta6, update to version 3.5.0.beta6 to resolve the issue. As a temporary workaround, enable the content security policy.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.4.3 Discourse versions prior to 3.5.0.beta3 **Description** Discourse is an open-source discussion platform. In versions prior to 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the user limit for a direct message (DM) can be bypassed. This allows the creation of a DM with all users of a site. **Recommendations** For versions prior to 3.4.3, update to version 3.4.3 or later to resolve the issue. For versions prior to 3.5.0.beta3, update to version 3.5.0.beta3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest commit **Description** Discourse is a platform for community discussion. In affected versions, any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. **Recommendations** Upgrade to the latest commit if running Discourse against the `tests-passed` branch.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta4 **Description** The issue concerns the email verification process in Discourse. When adding an extra email address to an existing account, an email token is generated. If the additional email address is deleted, the unused token remains valid and can be used in other contexts, such as resetting a password. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. For versions prior to 2.8.0.beta4, update to version 2.8.0.beta4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta5 **Description** The issue exposes a user's read state for a topic, including the last read post number and the notification level. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.8.0.beta5, update to version 2.8.0.beta5 or later.