
Discourse 3.1.x < 3.1.0.beta3 Multiple Vulnerabilities (CVE-2023-23935, CVE-2023-28107, CVE-2023-28111, CVE-2023-28112, CVE-2023-25819, CVE-2023-30606)

Severity
CVSSv3 Score
4.9
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2023-23935: Presence of restricted personal messages may be leaked if tagged with a tag
- CVE-2023-28107: Multisite DoS by spamming backups
- CVE-2023-28111: SSRF protection bypass possible with IPv4-mapped IPv6 addresses
- CVE-2023-28112: SSRF protection missing for some FastImage requests
- CVE-2023-25819: Tags that are normally private are showing in metadata
- CVE-2023-30606: Multisite DoS through unsanitized dynamic dispatch to SiteSetting

Recommendation

Update to version 3.1.0.beta3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 16, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available