Vulnerability Description
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 3.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3wVendor Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3wVendor Advisory
FAQ
What is CVE-2023-28440?
CVE-2023-28440 is a vulnerability with a CVSS score of 2.7 (LOW). Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout...
How severe is CVE-2023-28440?
CVE-2023-28440 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28440?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.