Sep 15, 2023 - 8:15 p.m.

CVE-2023-38706

2023-09-15 20:15:09
CWE-770
web.nvd.nist.gov
discourse
cve-2023-38706
open-source
platform
discussion
version 3.1.1
version 3.2.0.beta1
resource exhaustion

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.3 Medium (Confidence: High)

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.0004 Low (Percentile: 14.5%)

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches. There are no known workarounds.

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| discourse | discourse | * | cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* |
