CVE-2023-44388

7.5 HIGH

📋 TL;DR

CVE-2023-44388 is a denial-of-service vulnerability in Discourse where malicious requests can rapidly fill production log files, causing servers to run out of disk space. This affects all Discourse administrators running vulnerable versions. Attackers can exploit this without authentication to disrupt service availability.

💻 Affected Systems

Products:
  • Discourse
Versions: All versions before 3.1.1 stable and 3.2.0.beta2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects standard Discourse installations using default logging configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server outage due to disk exhaustion, requiring manual intervention to clear logs and restore service, potentially causing extended downtime.

🟠 Likely Case

Service disruption as logs consume disk space, leading to application failures, inability to process requests, and degraded performance until logs are cleared.

🟢 If Mitigated

Minimal impact with proper monitoring and log rotation in place, allowing administrators to detect and respond before critical disk exhaustion occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted requests to trigger excessive logging, which is straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.1 stable or 3.2.0.beta2

Vendor Advisory: https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq

Restart Required: Yes

Instructions:

1. Backup your Discourse instance.
2. Update to Discourse version 3.1.1 or later.
3. Restart the Discourse service.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Reduce nginx client_max_body_size

Platform: linux

Limits upload size to reduce log generation from malicious requests.

Edit the nginx configuration and add: client_max_body_size 1M;

🧯 If You Can't Patch

  • Implement aggressive log rotation and monitoring to detect rapid log growth
  • Restrict access to Discourse endpoints to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check the Discourse version: if it is earlier than 3.1.1 stable (or a 3.2.0 beta earlier than beta2), you are vulnerable.

Check Version:

cd /var/discourse && ./launcher status app

Verify Fix Applied:

Confirm Discourse version is 3.1.1 or later and monitor log file growth for abnormal patterns.

📡 Detection & Monitoring

Log Indicators:

  • Rapid increase in log file size
  • Repeated error messages about disk space
  • Unusual request patterns in access logs

Network Indicators:

  • High volume of requests to Discourse endpoints
  • Requests with large payloads

SIEM Query:

source="discourse.logs" | stats count by _time span=1m | where count > threshold
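The per-minute volume check that the SIEM query above expresses, written out as an added example (not code from the advisory or from Discourse) that runs over constructed Rails-style log lines. The Ruby Logger line format, the thresholds and the sample backtrace path are assumptions; it counts bytes as well as lines, since disk exhaustion is driven by volume, and charges untimestamped continuation lines to the preceding entry's minute.

```python
import re
from collections import defaultdict

# Timestamp prefix of a Ruby Logger / Rails production.log line, e.g.
# "E, [2023-10-05T12:01:00.002 #4711] ERROR -- : ..." (format assumed, not from the advisory)
TS_RE = re.compile(r"^[A-Z], \[(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}")

def bucket_per_minute(lines):
    """Count lines and bytes written per minute, like `stats count by _time span=1m`.

    Lines without a timestamp (stack-trace continuation lines, multi-line request
    dumps) are charged to the most recent timestamped minute, since they are
    exactly the bytes that make a log flood expensive.
    """
    stats = defaultdict(lambda: [0, 0])  # minute -> [lines, bytes]
    current = None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            current = m.group(1)
        if current is None:
            continue  # untimestamped preamble before the first real entry
        stats[current][0] += 1
        stats[current][1] += len(line.encode()) + 1  # +1 for the newline
    return {k: tuple(v) for k, v in stats.items()}

def burst_windows(lines, max_lines=1000, max_bytes=1_000_000):
    """Return the minutes whose line count or byte volume exceeds a threshold."""
    return sorted(minute for minute, (n, b) in bucket_per_minute(lines).items()
                  if n > max_lines or b > max_bytes)

def _entry(ts, level, msg):
    return f"{level[0]}, [{ts} #4711] {level:>5} -- : {msg}"

# Constructed sample: normal traffic at 12:00 and 12:02, and a flood at 12:01 where
# each malformed request logs a long error line followed by a 10-line backtrace.
SAMPLE_LINES = []
for s in range(0, 50, 10):
    SAMPLE_LINES.append(_entry(f"2023-10-05T12:00:{s:02d}.000", "INFO", 'Started GET "/latest" for 203.0.113.5'))
for i in range(200):
    SAMPLE_LINES.append(_entry(f"2023-10-05T12:01:{i % 60:02d}.{i:03d}", "ERROR", "Invalid request: " + "A" * 4000))
    SAMPLE_LINES.extend("    from /var/www/discourse/lib/frame.rb:1:in `call'" for _ in range(10))  # path assumed
SAMPLE_LINES.append(_entry("2023-10-05T12:02:15.000", "INFO", "Completed 200 OK in 38ms"))

if __name__ == "__main__":
    for minute, (n, b) in sorted(bucket_per_minute(SAMPLE_LINES).items()):
        print(f"{minute}  lines={n:5d}  bytes={b:8d}")
    print("burst minutes:", burst_windows(SAMPLE_LINES, max_lines=500, max_bytes=500_000))
```

Feed it `production.log` tail output on a schedule and page on any non-empty result; tune the thresholds to the site's normal per-minute volume before relying on it.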

🔗 References
