{"id":"CVE-2021-43850","details":"Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.","aliases":["BIT-discourse-2021-43850"],"modified":"2026-04-10T04:40:30.337104Z","published":"2022-01-04T20:15:07.667Z","related":["GHSA-59jr-pj65-qmvr"],"references":[{"type":"FIX","url":"https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39"},{"type":"EVIDENCE","url":"https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/discourse/discourse","events":[{"introduced":"0"},{"fixed":"81b398030ef4389a4a8192a287bc1b26203d58e0"},{"introduced":"0"},{"last_affected":"05c1d3c9cdd7f3e365bedc397dd92a7e7bc2c40f"},{"introduced":"0"},{"last_affected":"41038d6cdb289962b13778b0a00152b439d4a940"},{"introduced":"0"},{"last_affected":"5f8fa976d45c9e00a2a289cc18593e1af110783e"},{"introduced":"0"},{"last_affected":"cb858af8c79032a90bc374d566225c75e22cf6a6"},{"introduced":"0"},{"last_affected":"c6f1818b85a8b7883adff0fdb5ada2fbe87cfe04"},{"introduced":"0"},{"last_affected":"f0d2b0f2f08fc201031c85e1669dbd82dcd9b543"},{"introduced":"0"},{"last_affected":"ae91818c194a79b9a5216f2a2709a331f3509207"},{"introduced":"0"},{"last_affected":"cbfe48b9902736998ebe89079745c7557e0d8664"},{"introduced":"0"},{"last_affected":"c4d3b6556d750b9157a766ee370f2b4945dbb986"},{"fixed":"7a8ec129fb54f188b2da6588c9d24d3a36eb0d39"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.12"},{"introduced":"0"},{"last_affected":"2.8.0-beta1"},{"introduced":"0"},{"last_affected":"2.8.0-beta2"},{"introduced":"0"},{"last_affected":"2.8.0-beta3"},{"introduced":"0"},{"last_affected":"2.8.0-beta4"},{"introduced":"0"},{"last_affected":"2.8.0-beta5"},{"introduced":"0"},{"last_affected":"2.8.0-beta6"},{"introduced":"0"},{"last_affected":"2.8.0-beta7"},{"introduced":"0"},{"last_affected":"2.8.0-beta8"},{"introduced":"0"},{"last_affected":"2.8.0-beta9"}]}}],"versions":["v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.8.9","v0.9.0","v0.9.1","v0.9.2","v0.9.2.5","v0.9.2.6","v0.9.3","v0.9.4","v0.9.5","v0.9.5.1","v0.9.5.2","v0.9.6","v0.9.6.1","v0.9.6.3","v0.9.6.4","v0.9.7","v0.9.7.1","v0.9.7.2","v0.9.7.3","v0.9.7.4","v0.9.7.5","v0.9.7.6","v0.9.7.7","v0.9.7.8","v0.9.7.9","v0.9.8","v0.9.8.1","v0.9.8.10","v0.9.8.11","v0.9.8.2","v0.9.8.3","v0.9.8.4","v0.9.8.5","v0.9.8.6","v0.9.8.7","v0.9.8.8","v0.9.8.9","v0.9.9.1","v0.9.9.10","v0.9.9.11","v0.9.9.12","v0.9.9.13","v0.9.9.14","v0.9.9.15","v0.9.9.16","v0.9.9.17","v0.9.9.18","v0.9.9.2","v0.9.9.3","v0.9.9.4","v0.9.9.5","v0.9.9.6","v0.9.9.7","v0.9.9.8","v0.9.9.9","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.1.0","v1.1.0.beta2","v1.1.0.beta3","v1.1.0.beta4","v1.1.0.beta5","v1.1.0.beta6","v1.1.0.beta6b","v1.1.0.beta7","v1.1.0.beta8","v1.1.1","v1.1.2","v1.1.3","v1.2.0","v1.2.0.beta1","v1.2.0.beta2","v1.2.0.beta3","v1.2.0.beta4","v1.2.0.beta5","v1.2.0.beta6","v1.2.0.beta7","v1.2.0.beta8","v1.2.0.beta9","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v1.3.0.beta1","v1.3.0.beta10","v1.3.0.beta11","v1.3.0.beta2","v1.3.0.beta3","v1.3.0.beta4","v1.3.0.beta5","v1.3.0.beta6","v1.3.0.beta9","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.4.0","v1.4.0.beta1","v1.4.0.beta10","v1.4.0.beta11","v1.4.0.beta12","v1.4.0.beta2","v1.4.0.beta3","v1.4.0.beta4","v1.4.0.beta5","v1.4.0.beta6","v1.4.0.beta7","v1.4.0.beta8","v1.4.0.beta9","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.5.0","v1.5.0.beta1","v1.5.0.beta10","v1.5.0.beta11","v1.5.0.beta12","v1.5.0.beta13","v1.5.0.beta13b","v1.5.0.beta14","v1.5.0.beta2","v1.5.0.beta4","v1.5.0.beta5","v1.5.0.beta6","v1.5.0.beta7","v1.5.0.beta8","v1.5.0.beta9","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.6.0","v1.6.0.beta1","v1.6.0.beta10","v1.6.0.beta11","v1.6.0.beta12","v1.6.0.beta2","v1.6.0.beta3","v1.6.0.beta4","v1.6.0.beta5","v1.6.0.beta6","v1.6.0.beta7","v1.6.0.beta8","v1.6.0.beta9","v1.6.1","v1.6.10","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.7.0","v1.7.0.beta1","v1.7.0.beta10","v1.7.0.beta11","v1.7.0.beta2","v1.7.0.beta3","v1.7.0.beta4","v1.7.0.beta5","v1.7.0.beta6","v1.7.0.beta7","v1.7.0.beta8","v1.7.0.beta9","v1.7.1","v1.7.10","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.8.0.beta1","v1.8.0.beta10","v1.8.0.beta11","v1.8.0.beta12","v1.8.0.beta13","v1.8.0.beta2","v1.8.0.beta3","v1.8.0.beta4","v1.8.0.beta5","v1.8.0.beta6","v1.8.0.beta7","v1.8.0.beta8","v1.8.0.beta9","v1.8.1","v1.8.10","v1.8.11","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.9.0","v1.9.0.beta1","v1.9.0.beta10","v1.9.0.beta11","v1.9.0.beta12","v1.9.0.beta13","v1.9.0.beta14","v1.9.0.beta15","v1.9.0.beta16","v1.9.0.beta17","v1.9.0.beta2","v1.9.0.beta3","v1.9.0.beta4","v1.9.0.beta5","v1.9.0.beta6","v1.9.0.beta7","v1.9.0.beta8","v1.9.0.beta9","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v2.0.0","v2.0.0.beta1","v2.0.0.beta10","v2.0.0.beta2","v2.0.0.beta3","v2.0.0.beta4","v2.0.0.beta5","v2.0.0.beta6","v2.0.0.beta7","v2.0.0.beta8","v2.0.0.beta9","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.1.0","v2.1.0.beta1","v2.1.0.beta2","v2.1.0.beta3","v2.1.0.beta4","v2.1.0.beta5","v2.1.0.beta6","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.2.0","v2.2.0.beta1","v2.2.0.beta10","v2.2.0.beta2","v2.2.0.beta3","v2.2.0.beta4","v2.2.0.beta5","v2.2.0.beta6","v2.2.0.beta7","v2.2.0.beta8","v2.2.0.beta9","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.3.0","v2.3.0.beta1","v2.3.0.beta10","v2.3.0.beta11","v2.3.0.beta2","v2.3.0.beta3","v2.3.0.beta4","v2.3.0.beta5","v2.3.0.beta6","v2.3.0.beta7","v2.3.0.beta8","v2.3.0.beta9","v2.3.1","v2.3.10","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.4.0","v2.4.0.beta1","v2.4.0.beta10","v2.4.0.beta11","v2.4.0.beta2","v2.4.0.beta3","v2.4.0.beta4","v2.4.0.beta5","v2.4.0.beta6","v2.4.0.beta7","v2.4.0.beta8","v2.4.0.beta9","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.5.0","v2.5.0.beta1","v2.5.0.beta2","v2.5.0.beta3","v2.5.0.beta4","v2.5.0.beta5","v2.5.0.beta6","v2.5.0.beta7","v2.5.1","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.6.0","v2.6.0.beta1","v2.6.0.beta2","v2.6.0.beta3","v2.6.0.beta4","v2.6.0.beta5","v2.6.0.beta6","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.7.0","v2.7.0.beta1","v2.7.0.beta2","v2.7.0.beta3","v2.7.0.beta4","v2.7.0.beta5","v2.7.0.beta6","v2.7.0.beta7","v2.7.0.beta8","v2.7.0.beta9","v2.7.1","v2.7.10","v2.7.11","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6","v2.7.7","v2.7.8","v2.7.9","v2.8.0.beta1","v2.8.0.beta2","v2.8.0.beta3","v2.8.0.beta4","v2.8.0.beta5","v2.8.0.beta6","v2.8.0.beta7","v2.8.0.beta8","v2.8.0.beta9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43850.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}]}