CVE-2023-44388 - OpenCVE

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:3.2.0:beta1:::beta:::*

No data.

References

Link	Providers
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T21:11:26.719Z

Updated: 2024-09-16T15:42:30.893Z

Reserved: 2023-09-28T17:56:32.613Z

Link: CVE-2023-44388

Vulnrichment

Updated: 2024-08-02T20:07:32.947Z

NVD

Status : Analyzed

Published: 2023-10-16T22:15:12.397

Modified: 2023-10-20T17:32:17.577

Link: CVE-2023-44388

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44388", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.613Z", "datePublished": "2023-10-16T21:11:26.719Z", "dateUpdated": "2024-09-16T15:42:30.893Z"}, "containers": {"cna": {"title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "stable <= 3.1.1", "status": "affected"}, {"version": "beta <= 3.2.0.beta2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T21:11:26.719Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}], "source": {"advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.947Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}, {"name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC", "x_transferred"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}]}, {"affected": [{"vendor": "discourse", "product": "discourse", "cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.1.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "3.2.0.beta2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T14:58:50.184229Z", "id": "CVE-2023-44388", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T15:42:30.893Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.947Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T14:58:50.184229Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"], "vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "3.2.0.beta2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T15:42:11.919Z"}}], "cna": {"title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse", "source": {"advisory": "GHSA-89h3-g746-xmwq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "stable <= 3.1.1"}, {"status": "affected", "version": "beta <= 3.2.0.beta2"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T21:11:26.719Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44388", "state": "PUBLISHED", "dateUpdated": "2024-09-16T15:42:30.893Z", "dateReserved": "2023-09-28T17:56:32.613Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-16T21:11:26.719Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA", "versionEndIncluding": "3.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Una solicitud maliciosa puede hacer que los archivos de registro de producci\u00f3n se llenen r\u00e1pidamente y, por lo tanto, que el servidor se quede sin espacio en disco. Este problema se ha solucionado en las versiones 3.1.1 stable y 3.2.0.beta2 de Discourse. Es posible workaround temporalmente en este problema reduciendo \"client_max_body_size nginx directive\". `client_max_body_size` limitar\u00e1 el tama\u00f1o de las cargas que se pueden cargar directamente al servidor."}], "id": "CVE-2023-44388", "lastModified": "2023-10-20T17:32:17.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-16T22:15:12.397", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}