Issue Description During a security assessment of our customized Discourse deployment, we discovered a potential directory traversal vulnerability related to the /uploads/* endpoint. Problem Details Accessing /uploads/ allows users to fetch files from arbitrary upload directories by manipulating …

Maybe you are interested in the secure-uploads feature. [Bild] Secure Uploads megaphoneAnnouncements Added in the Discourse 2.4 release in February is the Secure Uploads feature, which provides a higher degree of security for ALL uploads (images, video, audio, …

Möglicher Verzeichnis-Traversal: /uploads/* erlaubt dateiübergreifenden Dateizugriff

Unterstützung

Moin 8. Juli 2025 um 10:42 2

Vielleicht interessiert Sie die Funktion secure-uploads.

Thema		Antworten	Aufrufe
Potential resource exhaustion: No rate limiting on /uploads.json allows mass file uploads Support uploads	0	73	8. Juli 2025
Personal Message attachments accessible to unauthenticated users (missing auth check) Support secure-uploads , personal-messages	1	84	8. Juli 2025
Does anyone have some suggestions how should I go about investigating Discourse losing old uploads? Support	0	27	4. Juli 2024
Understanding Uploads, Images, and Attachments Site Management explanation , file-management	5	6297	15. Januar 2025
Secure Uploads Announcements secure-uploads	46	17227	24. Juli 2025

Möglicher Verzeichnis-Traversal: /uploads/* erlaubt dateiübergreifenden Dateizugriff

Verwandte Themen