PT-2023-26478 · Discourse · Discourse

Jomaxro · Published 2023-07-28 · Updated 2024-03-06 · CVE-2023-38498

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.0.6 of the stable branch and prior to 3.1.0.beta7 of the beta and tests-passed branches

Description

Discourse is an open source discussion platform. A malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. Users of multisite configurations are at risk.

Recommendations

On the stable branch, upgrade versions prior to 3.0.6 to version 3.0.6. On the beta and tests-passed branches, upgrade versions prior to 3.1.0.beta7 to version 3.1.0.beta7.

Exploit

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related identifiers

BIT-DISCOURSE-2023-38498
CVE-2023-38498
GHSA-WV29-RM3F-4G2J

Affected products

Discourse