
Discourse Patches Critical Remote Code Execution Vulnerability

Discourse is one of the most popular open-source community forum and mailing-list management applications. A critical code execution vulnerability has been identified in Discourse that allows an attacker to execute arbitrary code on the affected system. It is tracked as CVE-2021-41163. NIST has not yet calculated a severity score, but the flaw is considered Critical because it allows unauthenticated RCE on affected systems. Due to the widespread use of Discourse, CISA (the Cybersecurity and Infrastructure Security Agency) has also published an alert asking administrators to update Discourse to the latest patched versions.


Vulnerability Details

The vulnerability lies in the AWS notification webhook handler and is caused by a validation bug in the subscribe_url parameter. It requires no authentication and can be triggered by sending a request to https://somediscourseinstance/webhooks/aws.

A PoC for this vulnerability is also publicly available. It relies on the same root cause: attacker-supplied input is passed to the open() function, leading to OS command execution.


Affected

Discourse stable versions 2.7.8 and prior.


Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system.


Solution

The vendor has released a patch for this vulnerability. It is fixed in Discourse stable version 2.7.9 and later. If updating Discourse is not possible, administrators are advised to block requests whose path starts with /webhooks/aws using additional security tooling in front of the application.
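The two defensive controls that follow from the Vulnerability Details and Solution sections above, written out as an added Ruby example (this is not Discourse's own code, nor the vendor's patch): a validator that refuses any subscribe_url that is not an https URL on an SNS host before it is ever fetched, replacing the unsafe pattern of handing attacker-reachable input to open(), and a Rack-style middleware that implements the interim mitigation of denying requests whose path starts with /webhooks/aws. The host pattern sns.<region>.amazonaws.com, the function names and the sample requests are assumptions made for this example.

```ruby
require "uri"
require "net/http"

# Added example, not Discourse's own code. Two defensive controls around the flaw
# described above: (1) validating an attacker-reachable subscribe_url before any
# fetch, instead of handing it to Kernel#open, which treats a leading "|" as a
# command to run; (2) a Rack-style middleware that refuses requests whose path
# starts with /webhooks/aws, for deployments that cannot upgrade yet.
# The host pattern (sns.<region>.amazonaws.com) is an assumption about where a
# legitimate SNS confirmation URL should point.

ALLOWED_HOST_SUFFIX = ".amazonaws.com"
ALLOWED_HOST_PREFIX = "sns."

# Returns true only for an absolute https URL on an assumed SNS host.
def valid_subscribe_url?(raw)
  return false unless raw.is_a?(String) && !raw.empty?
  uri = URI.parse(raw)
  # URI::HTTPS rules out http://, file://, and strings such as "|id" that are not URLs.
  return false unless uri.is_a?(URI::HTTPS)
  host = uri.host.to_s.downcase
  return false if host.empty?
  # Both checks are anchored, so "evil-amazonaws.com" and
  # "sns.us-east-1.amazonaws.com.evil.example" are rejected.
  host.start_with?(ALLOWED_HOST_PREFIX) && host.end_with?(ALLOWED_HOST_SUFFIX)
rescue URI::InvalidURIError
  false
end

# Hardened replacement for `open(subscribe_url)`: fetch only after validation,
# and through Net::HTTP, which has no command-pipe behaviour.
def confirm_subscription(raw)
  raise ArgumentError, "rejected subscribe_url" unless valid_subscribe_url?(raw)
  Net::HTTP.get_response(URI.parse(raw)) # only reached for a validated URL
end

# Rack-style middleware (no rack gem needed for this demonstration) implementing the
# interim mitigation: deny any request whose path starts with /webhooks/aws.
class BlockAwsWebhook
  BLOCKED_PREFIX = "/webhooks/aws"

  def initialize(app)
    @app = app
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    if path.start_with?(BLOCKED_PREFIX)
      return [403, { "Content-Type" => "text/plain" }, ["Forbidden\n"]]
    end
    @app.call(env)
  end
end

# Constructed sample requests for a stand-alone run.
if __FILE__ == $PROGRAM_NAME
  app = BlockAwsWebhook.new(->(_env) { [200, {}, ["ok"]] })
  puts app.call("PATH_INFO" => "/webhooks/aws").first          # 403
  puts app.call("PATH_INFO" => "/latest").first                # 200
  puts valid_subscribe_url?("https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription") # true
  puts valid_subscribe_url?("|id")                             # false
end
```

The validator is deliberately an allow-list on scheme and host rather than a deny-list on dangerous characters: a URL parser decides what the input is, and only a parsed https URL on the expected host is ever passed to an HTTP client. The middleware matches on the path prefix so that sub-paths and trailing slashes are covered, and it sits in front of the application so the vulnerable handler is never reached.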


SanerNow VM detects this vulnerability. We strongly recommend applying the security update for it as a high priority.
