PT-2023-18680 · Discourse · Discourse

Pmusaraj

Publicado

2023-01-26

Atualizado

2024-03-06

CVE-2023-22739

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.0.1 Discourse version 3.1.0.beta2 and earlier

Description Discourse is an open source platform for community discussion. The issue is related to Allocation of Resources Without Limits or Throttling, where a malicious user can create an arbitrarily large draft, forcing the instance to a crawl, as there is no limit on data contained in a draft.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later. For version 3.1.0.beta2 and earlier, update to version 3.1.0.beta2 or later. As a temporary workaround, consider restricting the ability to create large drafts until a patch is applied.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BIT-DISCOURSE-2023-22739

CVE-2023-22739

GHSA-RQGR-G6V7-JCFC

Produtos afetados

Discourse

PT-2023-18680 · Discourse · Discourse

CVE-2023-22739

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6