PT-2023-26478 · Discourse · Discourse

Jomaxro · Published 2023-07-28 · Updated 2024-03-06 · CVE-2023-38498

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.0.6 of the stable branch and prior to 3.1.0.beta7 of the beta and tests-passed branches

Description

A malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue affects Discourse, an open source discussion platform. Users of multisite configurations are at risk.

Recommendations

For Discourse versions prior to 3.0.6 of the stable branch, upgrade to version 3.0.6. For Discourse versions prior to 3.1.0.beta7 of the beta and tests-passed branches, upgrade to version 3.1.0.beta7.

Exploit

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-38498
CVE-2023-38498
GHSA-WV29-RM3F-4G2J

Affected Products

Discourse