CVE-2021-43794 - OpenCVE

Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1	Patch Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-12-01T19:40:10

Updated: 2021-12-01T19:40:10

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43794

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-01T20:15:08.727

Modified: 2021-12-03T03:11:50.163

Link: CVE-2021-43794

JSON object: View

Redhat Information

No data.

CWE

CWE-610

{"containers": {"cna": {"affected": [{"product": "discourse", "vendor": "discourse", "versions": [{"status": "affected", "version": "stable < 2.7.11"}, {"status": "affected", "version": "beta < 2.8.0.beta9"}, {"status": "affected", "version": "tests-passed < 2.8.0.beta9"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-610", "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-01T19:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"}], "source": {"advisory": "GHSA-249g-pc77-65hp", "discovery": "UNKNOWN"}, "title": "Anonymous user cache poisoning via development-mode header in Discourse", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43794", "STATE": "PUBLIC", "TITLE": "Anonymous user cache poisoning via development-mode header in Discourse"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "discourse", "version": {"version_data": [{"version_value": "stable < 2.7.11"}, {"version_value": "beta < 2.8.0.beta9"}, {"version_value": "tests-passed < 2.8.0.beta9"}]}}]}, "vendor_name": "discourse"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"}]}]}, "references": {"reference_data": [{"name": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"}, {"name": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"}]}, "source": {"advisory": "GHSA-249g-pc77-65hp", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43794", "datePublished": "2021-12-01T19:40:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2021-12-01T19:40:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F845CD5-5BBB-4686-B459-F20DEC41748C", "versionEndExcluding": "2.7.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse."}, {"lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. En las versiones afectadas, un atacante puede envenenar la cach\u00e9 de los usuarios an\u00f3nimos (es decir, los que no han iniciado sesi\u00f3n), de forma que se les muestre un blob JSON en lugar de la p\u00e1gina HTML. Esto puede conllevar a una denegaci\u00f3n de servicio parcial. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse"}], "id": "CVE-2021-43794", "lastModified": "2021-12-03T03:11:50.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Primary"}]}, "published": "2021-12-01T20:15:08.727", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "security-advisories@github.com", "type": "Primary"}]}