CVE-2023-28111

Published: Mar 17, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

Affected (3)

Products: Discourse: Discourse

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.1.0
Discourse Discourse	Version 3.1.0 beta1
Discourse Discourse	Version 3.1.0 beta2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a

Source: security-advisories@github.com

Patch

https://github.com/discourse/discourse/pull/20710

Source: security-advisories@github.com

Patch

https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc

Source: security-advisories@github.com

Vendor Advisory

https://github.com/discourse/discourse/commit/fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/discourse/discourse/pull/20710

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/discourse/discourse/security/advisories/GHSA-26h3-8ww8-v5fc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.