CVE-2023-44388 - OpenCVE

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*

References

Link	Resource
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size	Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T21:11:26.719Z

Updated: 2023-10-16T21:11:26.719Z

Reserved: 2023-09-28T17:56:32.613Z

Link: CVE-2023-44388

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-16T22:15:12.397

Modified: 2023-10-20T17:32:17.577

Link: CVE-2023-44388

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-44388", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.613Z", "datePublished": "2023-10-16T21:11:26.719Z", "dateUpdated": "2023-10-16T21:11:26.719Z"}, "containers": {"cna": {"title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "stable <= 3.1.1", "status": "affected"}, {"version": "beta <= 3.2.0.beta2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T21:11:26.719Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}], "source": {"advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Una solicitud maliciosa puede hacer que los archivos de registro de producci\u00f3n se llenen r\u00e1pidamente y, por lo tanto, que el servidor se quede sin espacio en disco. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Es posible workaround temporalmente en este problema reduciendo \"client_max_body_size nginx directive\". `client_max_body_size` limitar\u00e1 el tama\u00f1o de las cargas que se pueden cargar directamente al servidor."}], "id": "CVE-2023-44388", "lastModified": "2023-10-20T17:32:17.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-16T22:15:12.397", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}