PT-2023-29222 · Discourse
Severity: High · jomaxro · Published 2023-10-16 · Updated 2024-03-06
CVE-2023-44388
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.1.1 stable and 3.2.0.beta2
Description
Discourse is an open source platform for community discussion. A malicious request can cause the production log files to fill up quickly, so that the server runs out of disk space. This problem can be temporarily worked around by reducing the nginx client_max_body_size directive, which limits the size of files that can be uploaded directly to the server.
Recommendations
For versions prior to 3.1.1 stable, update to version 3.1.1 stable or later.
For versions prior to 3.2.0.beta2, update to version 3.2.0.beta2 or later.
As a temporary workaround, consider reducing the nginx client_max_body_size directive to limit the size of files that can be uploaded directly to the server.
Weakness Enumeration
Resource Exhaustion
Affected Products
Discourse
Nginx