Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-38498
HistoryJul 28, 2023 - 4:15 p.m.

CVE-2023-38498

2023-07-2816:15:12
CWE-770
CWE-400
[email protected]
web.nvd.nist.gov
25
cve-2023-38498
discourse
open source
discussion platform
vulnerability
upgrade
multisite configuration

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

14.6%

JSON

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.

VendorProductVersionCPE
discoursediscourse*cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
discoursediscourse*cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Related

prion 1
openvas 2
githubexploit 1
osv 2
prion
prion
Design/Logic Flaw
2023-07-28 16:15:00
openvas
openvas
Discourse < 3.0.7 DoS Vulnerability
2023-07-31 00:00:00
Discourse 3.1.x < 3.1.0.beta8 DoS Vulnerability
2023-07-31 00:00:00
githubexploit
githubexploit
Exploit for Allocation of Resources Without Limits or Throttling in Discourse
2023-08-09 19:56:07
osv
osv
CVE-2023-38498
2023-07-28 16:15:12
BIT-discourse-2023-38498
2024-03-06 10:55:24

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

14.6%

JSON
Related for CVE-2023-38498
prion1openvas2githubexploit1osv2