Discourse 3.2.0 Beta 3 Beta Branch
cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*
part: a, version: 3.2.0, update: beta3
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/discourse/discourse | purl2cpe | 2026-06-01 10:13:03.596507 |
| pkg:rpm/opensuse/discourse | purl2cpe | 2026-06-01 10:13:03.596509 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-32376 | vulnerable | 2026-06-03 15:00:40.695137 | Discourse DM limits aren’t always properly enforced<br>Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.<br>Published: 2025-04-30T14:55:21.473Z<br>Updated: 2025-04-30T15:08:52.268Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-24748 | vulnerable | 2026-06-03 14:55:05.654624 | Disclosure of the existence of secret subcategories in Discourse<br>MEDIUM (5.3)<br>Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.<br>Published: 2024-03-15T19:15:17.121Z<br>Updated: 2024-08-27T19:43:50.659Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-23834 | vulnerable | 2026-06-03 14:55:04.752126 | Discourse improperly sanitized user input leads to XSS<br>MEDIUM (6.3)<br>Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.<br>Published: 2024-01-30T21:31:35.617Z<br>Updated: 2024-10-17T17:59:10.354Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21655 | vulnerable | 2026-06-03 14:54:50.422828 | Insufficient control of custom field value sizes<br>MEDIUM (4.3)<br>Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.<br>Published: 2024-01-12T20:46:00.196Z<br>Updated: 2025-06-03T14:03:56.412Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-49099 | vulnerable | 2026-06-03 14:53:20.153055 | Discourse secure uploads accessible to guests even when login is required<br>LOW (3.1)<br>Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.<br>Published: 2024-01-12T20:53:53.163Z<br>Updated: 2025-06-17T21:09:17.903Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-48297 | vulnerable | 2026-06-03 14:53:18.888032 | Discourse vulnerable to unlimited mentioned users in message serializer<br>HIGH (8.6)<br>Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.<br>Published: 2024-01-12T20:35:02.394Z<br>Updated: 2025-06-17T21:09:17.756Z | Imported from gcve-enriched-dumps CVE data |