CVE-2023-44388

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size	Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*

History

20 Oct 2023, 17:32

Type	Values Removed	Values Added
First Time		Discourse Discourse discourse
References	~~(MISC) https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq -~~	(MISC) https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq - Vendor Advisory
References	~~(MISC) http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size -~~	(MISC) http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size - Third Party Advisory
CPE		cpe:2.3:a:discourse:discourse:::::stable:::* cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

16 Oct 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-16 22:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-44388

Mitre link : CVE-2023-44388

CVE.ORG link : CVE-2023-44388

JSON object : View

Products Affected

discourse

discourse

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-44388", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-16T22:15:12.397", "references": [{"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Una solicitud maliciosa puede hacer que los archivos de registro de producci\u00f3n se llenen r\u00e1pidamente y, por lo tanto, que el servidor se quede sin espacio en disco. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Es posible workaround temporalmente en este problema reduciendo \"client_max_body_size nginx directive\". `client_max_body_size` limitar\u00e1 el tama\u00f1o de las cargas que se pueden cargar directamente al servidor."}], "lastModified": "2023-10-20T17:32:17.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}