Issue Description During a security assessment of our customized Discourse deployment, we discovered a potential directory traversal vulnerability related to the /uploads/* endpoint. Problem Details Accessing /uploads/ allows users to fetch files from arbitrary upload directories by manipulating …

Maybe you are interested in the secure-uploads feature. [изображение] Secure Uploads megaphoneAnnouncements Added in the Discourse 2.4 release in February is the Secure Uploads feature, which provides a higher degree of security for ALL uploads (images, video, …

Potential Directory Traversal: /uploads/* allows cross-directory file access

Поддержка

Moin 08.Июль.2025 10:42:08 2

Maybe you are interested in the secure-uploads feature.

3 лайка

Тема		Ответов	Просм.
Potential resource exhaustion: No rate limiting on /uploads.json allows mass file uploads Support uploads	0	70	08.07.2025
Personal Message attachments accessible to unauthenticated users (missing auth check) Support secure-uploads , personal-messages	1	71	08.07.2025
Does anyone have some suggestions how should I go about investigating Discourse losing old uploads? Support	0	24	04.07.2024
Understanding Uploads, Images, and Attachments Site Management explanation , file-management	5	6123	15.01.2025
Secure Uploads Announcements secure-uploads	46	17059	24.07.2025

Potential Directory Traversal: /uploads/* allows cross-directory file access

Связанные темы