PT-2023-21565 · Discourse · Discourse

Jomaxro · Published 2023-03-17 · Updated 2024-03-06 · CVE-2023-28107

CVSS v3.1: 4.5 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.0.2 of the stable branch
Discourse versions prior to 3.1.0.beta3 of the beta and tests-passed branches

Description
The issue allows an administrator to request backups multiple times, consuming all database connections. This can affect the entire cluster if the site uses multisite.

Recommendations
For versions prior to 3.0.2 of the stable branch, update to version 3.0.2 or later.
For versions prior to 3.1.0.beta3 of the beta and tests-passed branches, update to version 3.1.0.beta3 or later.

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-28107
CVE-2023-28107
GHSA-CP7C-FM4C-6XXX

Affected Products

Discourse