CVE-2023-40588

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 15, 2023

Updated: Sep 21, 2023

CWE ID 770

Summary

CVE-2023-40588 affects versions prior to 3.1.1 of Discourse's `stable` branch and 3.2.0.beta1 of the `beta` and `tests-passed` branches. This vulnerability allows malicious users to add a 2FA or security key with a specially crafted name to their account, causing a denial of service for other users. This issue has been patched in the aforementioned versions, with no known workarounds available. Discourse, an open-source discussion platform, is at risk of service disruptions if this vulnerability is exploited.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sXgkKc
https://www.cve.org/CVERecord?id=CVE-2023-40588
https://nvd.nist.gov/vuln/detail/CVE-2023-40588

Back to Vulnerability Database

CVE-2023-40588

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations