Discourse 3.4.0 Beta 4
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:3.4.0:beta4:*:*:beta:*:*:*
part: a version: 3.4.0 update: beta4
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.613015 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.613017 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32376 |
vulnerable | 2026-06-03 15:00:40.702712 |
Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24972 |
vulnerable | 2026-06-03 14:59:57.296209 |
Discourse may bypass user preference when adding users to chat groups
MEDIUM (4.3)
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.
Published: 2025-03-26T14:15:13.164Z
Updated: 2025-03-26T18:25:38.709Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24808 |
vulnerable | 2026-06-03 14:59:56.947647 |
Discourse has race condition when adding users to a group DM
MEDIUM (4.3)
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition.
Published: 2025-03-26T14:08:38.915Z
Updated: 2025-03-26T18:26:18.555Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56197 |
vulnerable | 2026-06-03 14:57:42.636649 |
Users can see other user's tagged PMs in Discourse
LOW (2.2)
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.
Published: 2025-02-04T20:59:13.464Z
Updated: 2025-02-05T15:06:02.360Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.