Discourse · Discourse · CVE-2021-43850
**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 2.8.0.beta10
Discourse versions prior to 2.7.12
**Description**
Discourse is an open source platform for community discussion. In affected versions, admin users can trigger a Denial of Service attack via the "/message-bus/_diagnostics" API endpoint. The impact is greater on multisite Discourse instances, where any admin user on any of the forums can visit the "/message-bus/_diagnostics" path.
**Recommendations**
For versions prior to 2.8.0.beta10, upgrade to 2.8.0.beta10 or later.
For versions prior to 2.7.12, upgrade to 2.7.12 or later.