{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44388", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.613Z", "datePublished": "2023-10-16T21:11:26.719Z", "dateUpdated": "2024-09-16T15:42:30.893Z"}, "containers": {"cna": {"title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "stable <= 3.1.1", "status": "affected"}, {"version": "beta <= 3.2.0.beta2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T21:11:26.719Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}], "source": {"advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.947Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC", "x_transferred"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}]}, {"affected": [{"vendor": "discourse", "product": "discourse", "cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.1.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "3.2.0.beta2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T14:58:50.184229Z", "id": "CVE-2023-44388", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T15:42:30.893Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.947Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T14:58:50.184229Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "3.2.0.beta2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T15:42:11.919Z"}}], "cna": {"title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse", "source": {"advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "stable <= 3.1.1"}, {"status": "affected", "version": "beta <= 3.2.0.beta2"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T21:11:26.719Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44388", "state": "PUBLISHED", "dateUpdated": "2024-09-16T15:42:30.893Z", "dateReserved": "2023-09-28T17:56:32.613Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-16T21:11:26.719Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Una solicitud maliciosa puede hacer que los archivos de registro de producci\u00f3n se llenen r\u00e1pidamente y, por lo tanto, que el servidor se quede sin espacio en disco. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Es posible workaround temporalmente en este problema reduciendo \"client_max_body_size nginx directive\". `client_max_body_size` limitar\u00e1 el tama\u00f1o de las cargas que se pueden cargar directamente al servidor."}], "id": "CVE-2023-44388", "lastModified": "2024-11-21T08:25:47.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T22:15:12.397", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}