Lucene search

[email protected]CVE-2023-36818

HistoryJul 14, 2023 - 10:15 p.m.

CVE-2023-36818

2023-07-1422:15:09

NVD-CWE-noinfo

CWE-400

[email protected]

web.nvd.nist.gov

discourse

open source

discussion platform

denial of service

vulnerability

patch

commit

cve-2023-36818

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.0%

JSON

Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit 52b003d915. Users are advised to upgrade. There are no known workarounds for this vulnerability.

VendorProductVersionCPE
discoursediscourse3.1.0beta5cpe:2.3:a:discourse:discourse:3.1.0beta5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
discourse	discourse	3.1.0beta5	cpe:2.3:a:discourse:discourse:3.1.0beta5:::::::*

References

github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff

github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2023-36818

osv2 openvas1 prion1 cvelist1