Описание
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches. There are no known workarounds.
Ссылки
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.1 (включая)Версия до 3.1.0 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*
EPSS
Процентиль: 44%
0.00216
Низкий
4.5 Medium
CVSS3
4.9 Medium
CVSS3
Дефекты
CWE-770
EPSS
Процентиль: 44%
0.00216
Низкий
4.5 Medium
CVSS3
4.9 Medium
CVSS3
Дефекты
CWE-770