CISA warns of remote code execution vulnerabilities in Discourse

CISA prompted users to update Discourse in a notification sent on Sunday, warning that a remote code execution vulnerability affecting version 2.7.8 and earlier has been rated “Critical”.

The problem, tracked as CVE-2021-41163, was patched on Friday. The developers explained that it stemmed from an “upstream aws-sdk-sns gem validation bug” that could “lead to a Discourse RCE via a maliciously crafted request”.

To mitigate the problem without updating, the developer said, “Requests with paths starting with /webhooks/aws may be blocked by the upstream proxy.”
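One way to apply that stop-gap at an nginx reverse proxy sitting in front of an unpatched Discourse instance, as an added example rather than configuration from the Discourse advisory; the listen port, hostname and the app's 127.0.0.1:8080 upstream are placeholder assumptions:

```nginx
# Added example: temporary block of the vulnerable webhook path at the
# upstream proxy, for Discourse <= 2.7.8 until the patched release is deployed.
# Assumes the Discourse app listens on 127.0.0.1:8080 (hypothetical).
server {
    listen 443 ssl;
    server_name forum.example.com;   # placeholder hostname

    # Deny anything under /webhooks/aws before it reaches the application.
    # "^~" is a longest-prefix match that also stops nginx from evaluating
    # regex locations for these URIs, so no later rule can re-route them.
    # nginx compares locations against the decoded, normalized $uri, so
    # percent-encoded or dot-segment variants of the prefix are caught too.
    location ^~ /webhooks/aws {
        return 403;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The rule must be present in every server block that proxies to Discourse, and it only buys time: the patched release remains the actual fix.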

The popular open source discussion platform attracts millions of users every month, which prompted a message from CISA encouraging users to apply the update.

The researcher who reported the problem explained the details in a blog post. Discourse did not respond to a request for comment.

A Shodan search by Bleeping Computer revealed that all Discourse SaaS instances had been patched.

Saryu Nayyar, CEO of cybersecurity firm Gurucul, said Discourse “continues to publish news even after researchers discover a vulnerability that allows an attacker to call OS commands at the administrator level.”

“It is very important for both system administrators and individual users to keep up with the security bulletins from their software providers and install patches quickly. Microsoft and others can automatically push patches to the system. You can’t rely on other OS vendors. Users of Discourse software will test and install this patch as their most important priority.”

“Most users’ computers do not have computer administrator access. If the computer’s administrator access is only a network administrator account, and if it can be done using administrator access, hackers endanger the entire network and may send possible commands.”

Doug Britton, CEO of Haystack Solutions, said the vulnerability is dangerous because it can be run remotely without being an authenticated user on the victim’s server.

“Level 10 bugs are arguably the most serious vulnerability. Discourse is the primary communication platform,” says Britton.
