How severe is CVE-2023-30606?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-30606?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2023-30606 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-18875

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

CWE-7322017

CVE-2017-18876

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.

CWE-7322017

CVE-2018-13025

MEDIUM

CVSS:4.9(Medium)

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.

CWE-7322018

CVE-2018-14886

MEDIUM

CVSS:4.9(Medium)

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read...

CWE-7322018

CVE-2018-20420

MEDIUM

CVSS:4.9(Medium)

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directo...

CWE-7322018

CVE-2019-3893

MEDIUM

CVSS:4.9(Medium)

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resourc...

CWE-7322019