Allocation of Resources Without Limits or Throttling in Discourse - CVE-2023-28107
Published: March 17, 2023 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the backup request functionality when requesting backups multiple times. A remote privileged user can repeatedly request backups to cause a denial of service.
On multisite deployments, exploitation can affect the whole cluster. User interaction is required.