← Volver a CVEs
CVE-2023-28440
LOW2.7
Descripcion
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Detalles CVE
Puntuacion CVSS v3.12.7
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado4/18/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
discourse:discourse
Debilidades (CWE)
CWE-400
Referencias
https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w(security-advisories@github.com)
https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.