Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-17T16:23:31.324Z
Updated: 2023-03-17T16:23:31.324Z
Reserved: 2023-03-10T18:34:29.227Z
Link: CVE-2023-28107
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-17T17:15:11.517
Modified: 2023-03-23T20:53:57.360
Link: CVE-2023-28107
JSON object: View
Redhat Information
No data.
CWE