Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
11
Affected Products
2
References
discourse / discourse
| - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
| discourse | discourse | - | - |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Exploitability
Impact