Discourse 2.8.x < 2.8.0.beta10 DoS Vulnerability CVE-2021-43850
- CVSSv3 Score
- Vulnerability description
Discourse is prone to a denial of service (DoS) vulnerability.
- Risk description
Admins users can trigger a Denial of Service attack via the /message-bus/_diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the /message-bus/_diagnostics path.
Update to version 2.8.0.beta10 or later.
- Not available