{"vulnerability": "CVE-2022-39241", "sightings": [{"uuid": "064097f8-12f4-4679-8a12-d8d41465eb8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39241", "type": "seen", "source": "https://t.me/cibsecurity/52485", "content": "\u203c CVE-2022-39241 \u203c\n\nDiscourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T19:19:50.000000Z"}]}