Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310150797HistoryJul 31, 2023 - 12:00 a.m.
Discourse < 3.0.7 DoS Vulnerability
2023-07-3100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
9
denial of service
vulnerability
discourse
version 3.0.7
dos
security advisory
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.7%
Discourse is prone to a denial of service (DoS) vulnerability
via defer queue.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:discourse:discourse";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.150797");
script_version("2023-10-12T05:05:32+0000");
script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
script_tag(name:"creation_date", value:"2023-07-31 04:14:01 +0000 (Mon, 31 Jul 2023)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-03 17:37:00 +0000 (Thu, 03 Aug 2023)");
script_cve_id("CVE-2023-38498");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Discourse < 3.0.7 DoS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Denial of Service");
script_dependencies("gb_discourse_detect.nasl");
script_mandatory_keys("discourse/detected");
script_tag(name:"summary", value:"Discourse is prone to a denial of service (DoS) vulnerability
via defer queue.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"impact", value:"A malicious user can prevent the defer queue from proceeding
promptly on sites hosted in the same multisite installation.");
script_tag(name:"affected", value:"Discourse prior to version 3.0.7.");
script_tag(name:"solution", value:"Update to version 3.0.7 or later.");
script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "3.0.7")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.0.7", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Related
prion
prion
Design/Logic Flaw
2023-07-28 16:15:00
cvelist
cvelist
CVE-2023-38498 Discourse vulnerable to DoS via defer queue
2023-07-28 15:18:18
osv
osv
BIT-discourse-2023-38498
2024-03-06 10:55:24
CVE-2023-38498
2023-07-28 16:15:12
nvd
nvd
CVE-2023-38498
2023-07-28 16:15:12
openvas
openvas
Discourse 3.1.x < 3.1.0.beta8 DoS Vulnerability
2023-07-31 00:00:00
cve
cve
CVE-2023-38498
2023-07-28 16:15:12
githubexploit
githubexploit
Exploit for Unquoted Search Path or Element in Openbsd Openssh
2023-08-09 19:56:07
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.7%
Related for OPENVAS:1361412562310150797