Exploit Report

Computer Security And Bug Information

CVE-2023-28107

CVE: CVE-2023-28107
CVE Title
Published Date: 2023-03-17T17:15Z
Modified Date: 2023-03-20T02:46Z
CWE Type: CWE-770
Description: Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
  • MISC: https://github.com/discourse/discourse/commit/78a3efa7104eed6dd3ed7a06a71e2705337d9e61
  • MISC: https://github.com/discourse/discourse/pull/20700
  • MISC: https://github.com/discourse/discourse/security/advisories/GHSA-cp7c-fm4c-6xxx
  • MISC: https://github.com/discourse/discourse/pull/20701
  • MISC: https://github.com/discourse/discourse/commit/0bd64788d2b4680c04fbef76314a24884d65fed9
Sources: NIST, MITRE
Note
  • No CVSS data for this CVE
