PT-2023-22804 · Discourse · Discourse

Nattsw · Published 2023-04-18 · Updated 2024-03-06 · CVE-2023-30606

CVSS v3.1: 4.2 Medium
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions
Description: Discourse is an open source platform for community discussion. In affected versions, a user logged in as an administrator can call arbitrary methods on the SiteSetting class, notably #clear_cache! and #notify_changed!, which, when done on a multisite instance, can affect the entire cluster, resulting in a denial of service. Users not running in multisite environments are not affected.
Recommendations: For all affected versions of Discourse, upgrade to the latest stable, beta, or tests-passed version to resolve the issue. As a temporary workaround, consider restricting administrative access to trusted users only until the upgrade can be applied.
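The bug class described above, dispatching a caller-supplied name as a method on the settings class, and the hardening that confines dispatch to known settings, as an added Ruby example that is not Discourse's own code; FakeSiteSetting, its settings and the handler names are constructed for illustration:

```ruby
# Added example, not Discourse's own code: a constructed stand-in for a
# settings class whose public class methods include a cluster-wide cache reset.
class FakeSiteSetting
  # Constructed allowlist of legitimate, admin-editable settings.
  SETTINGS = { "title" => "Forum", "max_post_length" => 32_000 }

  # Like a real settings registry, expose one reader method per setting name.
  SETTINGS.each_key do |key|
    define_singleton_method(key) { SETTINGS[key] }
  end

  # Names of the settings an admin is actually allowed to address.
  def self.settings_hash
    SETTINGS.keys
  end

  # Side-effecting maintenance method; on a multisite deployment this kind of
  # call propagates to every site in the cluster, so it must not be reachable
  # through a caller-chosen method name.
  def self.clear_cache!
    @cache_clears = (@cache_clears || 0) + 1
  end

  def self.cache_clears
    @cache_clears || 0
  end
end

class UnknownSettingError < StandardError; end

# Vulnerable handler (hypothetical): the request parameter is used directly as
# the method to call, so "clear_cache!" dispatches just like "title" does.
def read_setting_unchecked(name)
  FakeSiteSetting.public_send(name)
end

# Hardened handler (hypothetical): the parameter is first checked against the
# registry of known setting names; anything else is rejected before dispatch.
def read_setting_checked(name)
  unless FakeSiteSetting.settings_hash.include?(name)
    raise UnknownSettingError, "not a site setting: #{name}"
  end
  FakeSiteSetting.public_send(name)
end
```

The check treats the administrator's input as untrusted for the purpose of method dispatch, which is the boundary the advisory's "Incorrect Permission" tag points at.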

Exploit

Fix

DoS

Incorrect Permission

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-30606
CVE-2023-30606
GHSA-JJ93-W3MV-3JVV

Affected Products

Discourse