Discourse Encrypt Discourse Encrypt

Do you want an email whenever new security vulnerabilities are reported in Discourse Encrypt?

By the Year

In 2023 there have been 1 vulnerability in Discourse Encrypt with an average score of 6.1 out of ten. Discourse Encrypt did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.

Year Vulnerabilities Average Score
2023 1 6.10
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Discourse Encrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Discourse Encrypt Security Vulnerabilities

discourse-encrypt is a plugin that provides a secure communication channel through Discourse

CVE-2023-43657 6.1 - Medium - September 28, 2023

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.


Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Discourse Encrypt or by Discourse? Click the Watch button to subscribe.