CVE-2024-43789

Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.4.0:-:::beta:::*

History

19 Oct 2024, 01:13

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:discourse:discourse:3.4.0:-:::beta:::* cpe:2.3:a:discourse:discourse:::::stable:::* cpe:2.3:a:discourse:discourse:::::beta:::*
First Time		Discourse Discourse discourse
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 4.3
References	~~() https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq -~~	() https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq - Third Party Advisory

10 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Discourse es una plataforma de código abierto para debates comunitarios. Un usuario puede crear una publicación con muchas respuestas y luego intentar obtenerlas todas a la vez. Esto puede reducir potencialmente la disponibilidad de una instancia de Discourse. Este problema se ha corregido en la última versión de Discourse. Se recomienda a todos los usuarios que actualicen la versión. No existen workarounds conocidas para esta vulnerabilidad.

07 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-07 21:15

Updated : 2024-10-19 01:13

NVD link : CVE-2024-43789

Mitre link : CVE-2024-43789

CVE.ORG link : CVE-2024-43789

JSON object : View

Products Affected

discourse

discourse

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-43789", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-07T21:15:16.710", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Un usuario puede crear una publicaci\u00f3n con muchas respuestas y luego intentar obtenerlas todas a la vez. Esto puede reducir potencialmente la disponibilidad de una instancia de Discourse. Este problema se ha corregido en la \u00faltima versi\u00f3n de Discourse. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."}], "lastModified": "2024-10-19T01:13:38.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "F0E106D0-FFF5-4403-AEB9-D17876E0FE79", "versionEndExcluding": "3.3.1"}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "2203A583-403B-4483-860A-460F22B9671E", "versionEndIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.4.0:-:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB3A427-361B-4FC1-859D-D871B080DEE8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}