Home > Vulnerability Database > CVE-2023-28440

Mend.io Vulnerability Database

CVE-2023-28440

Date: April 18, 2023

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

2.7

Related Resources (3)

Url: https://github.com/discourse/discourse/security/advisories/GHSA-vm65-pv5h-6g3w

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28440

Url: https://www.mend.io/vulnerability-database/CVE-2023-28440

Severity Score

2.7

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28440

Date: April 18, 2023

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?