CVE-2023-28111

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28111
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28111.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-28111
Aliases
Published
2023-03-17T17:15:11Z
Modified
2024-10-12T10:50:30.384834Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the beta and tests-passed branches. There are no known workarounds.

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fd16eade7fcc6bba4b71e71106a2eb13cdfdae4a

Affected versions

v0.*

v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.2.5
v0.9.2.6
v0.9.3
v0.9.3.5
v0.9.4
v0.9.5
v0.9.5.1
v0.9.5.2
v0.9.6
v0.9.6.1
v0.9.6.2
v0.9.6.3
v0.9.6.4
v0.9.7
v0.9.7.1
v0.9.7.2
v0.9.7.3
v0.9.7.4
v0.9.7.5
v0.9.7.6
v0.9.7.7
v0.9.7.8
v0.9.7.9
v0.9.8
v0.9.8.1
v0.9.8.10
v0.9.8.11
v0.9.8.2
v0.9.8.3
v0.9.8.4
v0.9.8.5
v0.9.8.6
v0.9.8.7
v0.9.8.8
v0.9.8.9
v0.9.9.1
v0.9.9.10
v0.9.9.11
v0.9.9.12
v0.9.9.13
v0.9.9.14
v0.9.9.15
v0.9.9.16
v0.9.9.17
v0.9.9.18
v0.9.9.2
v0.9.9.3
v0.9.9.4
v0.9.9.5
v0.9.9.6
v0.9.9.7
v0.9.9.8
v0.9.9.9

v1.*

v1.0.0
v1.1.0.beta2
v1.1.0.beta3
v1.1.0.beta4
v1.1.0.beta5
v1.1.0.beta6
v1.1.0.beta6b
v1.1.0.beta7
v1.1.0.beta8
v1.2.0.beta1
v1.2.0.beta2
v1.2.0.beta3
v1.2.0.beta4
v1.2.0.beta5
v1.2.0.beta6
v1.2.0.beta7
v1.2.0.beta8
v1.2.0.beta9
v1.3.0.beta1
v1.3.0.beta10
v1.3.0.beta11
v1.3.0.beta2
v1.3.0.beta3
v1.3.0.beta4
v1.3.0.beta5
v1.3.0.beta6
v1.3.0.beta7
v1.3.0.beta9
v1.4.0.beta1
v1.4.0.beta10
v1.4.0.beta11
v1.4.0.beta12
v1.4.0.beta2
v1.4.0.beta3
v1.4.0.beta4
v1.4.0.beta5
v1.4.0.beta6
v1.4.0.beta7
v1.4.0.beta8
v1.4.0.beta9
v1.5.0.beta1
v1.5.0.beta10
v1.5.0.beta11
v1.5.0.beta12
v1.5.0.beta13
v1.5.0.beta13b
v1.5.0.beta14
v1.5.0.beta2
v1.5.0.beta3
v1.5.0.beta4
v1.5.0.beta5
v1.5.0.beta6
v1.5.0.beta7
v1.5.0.beta8
v1.5.0.beta9
v1.6.0.beta1
v1.6.0.beta10
v1.6.0.beta11
v1.6.0.beta12
v1.6.0.beta2
v1.6.0.beta3
v1.6.0.beta4
v1.6.0.beta5
v1.6.0.beta6
v1.6.0.beta7
v1.6.0.beta8
v1.6.0.beta9
v1.7.0.beta1
v1.7.0.beta10
v1.7.0.beta11
v1.7.0.beta2
v1.7.0.beta3
v1.7.0.beta4
v1.7.0.beta5
v1.7.0.beta6
v1.7.0.beta7
v1.7.0.beta8
v1.7.0.beta9
v1.8.0.beta1
v1.8.0.beta10
v1.8.0.beta11
v1.8.0.beta12
v1.8.0.beta13
v1.8.0.beta2
v1.8.0.beta3
v1.8.0.beta4
v1.8.0.beta5
v1.8.0.beta6
v1.8.0.beta7
v1.8.0.beta8
v1.8.0.beta9
v1.9.0.beta1
v1.9.0.beta10
v1.9.0.beta11
v1.9.0.beta12
v1.9.0.beta13
v1.9.0.beta14
v1.9.0.beta15
v1.9.0.beta16
v1.9.0.beta17
v1.9.0.beta2
v1.9.0.beta3
v1.9.0.beta4
v1.9.0.beta5
v1.9.0.beta6
v1.9.0.beta7
v1.9.0.beta8
v1.9.0.beta9

v2.*

v2.0.0.beta1
v2.0.0.beta10
v2.0.0.beta2
v2.0.0.beta3
v2.0.0.beta4
v2.0.0.beta5
v2.0.0.beta6
v2.0.0.beta7
v2.0.0.beta8
v2.0.0.beta9
v2.1.0.beta1
v2.1.0.beta2
v2.1.0.beta3
v2.1.0.beta4
v2.1.0.beta5
v2.1.0.beta6
v2.2.0.beta1
v2.2.0.beta10
v2.2.0.beta2
v2.2.0.beta3
v2.2.0.beta4
v2.2.0.beta5
v2.2.0.beta6
v2.2.0.beta7
v2.2.0.beta8
v2.2.0.beta9
v2.3.0.beta1
v2.3.0.beta10
v2.3.0.beta11
v2.3.0.beta2
v2.3.0.beta3
v2.3.0.beta4
v2.3.0.beta5
v2.3.0.beta6
v2.3.0.beta7
v2.3.0.beta8
v2.3.0.beta9
v2.4.0.beta1
v2.4.0.beta10
v2.4.0.beta11
v2.4.0.beta2
v2.4.0.beta3
v2.4.0.beta4
v2.4.0.beta5
v2.4.0.beta6
v2.4.0.beta7
v2.4.0.beta8
v2.4.0.beta9
v2.5.0.beta1
v2.5.0.beta2
v2.5.0.beta3
v2.5.0.beta4
v2.5.0.beta5
v2.5.0.beta6
v2.5.0.beta7
v2.6.0.beta1
v2.6.0.beta2
v2.6.0.beta3
v2.6.0.beta4
v2.6.0.beta5
v2.6.0.beta6
v2.7.0.beta1
v2.7.0.beta2
v2.7.0.beta3
v2.7.0.beta4
v2.7.0.beta5
v2.7.0.beta6
v2.7.0.beta7
v2.7.0.beta8
v2.7.0.beta9
v2.8.0.beta1
v2.8.0.beta10
v2.8.0.beta11
v2.8.0.beta2
v2.8.0.beta3
v2.8.0.beta4
v2.8.0.beta5
v2.8.0.beta6
v2.8.0.beta7
v2.8.0.beta8
v2.8.0.beta9
v2.9.0.beta1
v2.9.0.beta10
v2.9.0.beta11
v2.9.0.beta12
v2.9.0.beta13
v2.9.0.beta14
v2.9.0.beta2
v2.9.0.beta3
v2.9.0.beta4
v2.9.0.beta5
v2.9.0.beta6
v2.9.0.beta7
v2.9.0.beta8
v2.9.0.beta9

v3.*

v3.0.0.beta15
v3.0.0.beta16
v3.1.0.beta1
v3.1.0.beta2