Lucene search

K
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310150995
HistoryApr 21, 2023 - 12:00 a.m.

Discourse 3.1.x - 3.1.0.beta8 Multiple DoS Vulnerabilities

2023-04-2100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
discourse
denial of service
vulnerabilities
cve-2023-38706
cve-2023-40588
cve-2023-41042
cve-2023-41043
update
version 3.2.0.beta1
security advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

15.6%

Discourse is prone to multiple denial of service (DoS)
vulnerabilities.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:discourse:discourse";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.150995");
  script_version("2023-10-12T05:05:32+0000");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-04-21 05:07:44 +0000 (Fri, 21 Apr 2023)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-21 13:25:00 +0000 (Thu, 21 Sep 2023)");

  script_cve_id("CVE-2023-38706", "CVE-2023-40588", "CVE-2023-41042", "CVE-2023-41043");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Discourse 3.1.x - 3.1.0.beta8 Multiple DoS Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_discourse_detect.nasl");
  script_mandatory_keys("discourse/detected");

  script_tag(name:"summary", value:"Discourse is prone to multiple denial of service (DoS)
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2023-38706: DoS via drafts

  - CVE-2023-40588: DoS via 2FA and Security Key Names

  - CVE-2023-41042: DoS via remote theme assets

  - CVE-2023-41043: DoS via SvgSprite cache");

  script_tag(name:"affected", value:"Discourse versions 3.1.x through 3.1.0.beta8.");

  script_tag(name:"solution", value:"Update to version 3.2.0.beta1 or later.");

  script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8");
  script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx");
  script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254");
  script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "3.1.0.beta", test_version2: "3.1.0.beta8")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.2.0.beta1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

15.6%

Related for OPENVAS:1361412562310150995