CVE | CVE-2023-28107 |
CVE Title | |
Published Date | 2023-03-17T17:15Z |
Modified Date | 2023-03-20T02:46Z |
CWE Type | CWE-770 |
Description | Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged in as an administrator can request backups multiple times, which consumes all available connections to the database. If this is done on a site using multisite, it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. |
References | |
Reference URL | https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61 |
Reference Description | MISC https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61 |
Reference URL | https://github.com/discourse/discourse/pull/20700 |
Reference Description | MISC https://github.com/discourse/discourse/pull/20700 |
Reference URL | https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx |
Reference Description | MISC https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx |
Reference URL | https://github.com/discourse/discourse/pull/20701 |
Reference Description | MISC https://github.com/discourse/discourse/pull/20701 |
Reference URL | https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9 |
Reference Description | MISC https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9 |
Sources | NIST MITRE |
Note
- No CVSS data for this CVE