CVE-2022-39241 Information
Nov 03, 2022
Description
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. The latest stable, beta and test-passed versions are now patched. As a workaround, self-hosters can use the DISCOURSE_BLOCKED_IP_BLOCKS env var (which overrides the blocked_ip_blocks setting) to stop webhooks from accessing private IPs.
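What the workaround amounts to, shown as an added Ruby example that is not Discourse's own code: a webhook destination is refused when any address it resolves to falls inside a blocked CIDR range. The block list, the resolver table and the names blocked_ip?, literal_ip? and webhook_allowed? are assumptions constructed for this example, not Discourse defaults.

```ruby
require "ipaddr"
require "uri"

# Constructed block list (assumption): loopback, RFC 1918, link-local, IPv6 local ranges.
BLOCKED_BLOCKS = %w[
  127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
  ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

# Constructed resolver (assumption): stands in for DNS so the example runs offline.
SAMPLE_DNS = {
  "hooks.example.com"    => ["203.0.113.10"],
  "intranet.example.com" => ["10.1.2.3"],
  "mixed.example.com"    => ["203.0.113.10", "127.0.0.1"]
}.freeze
RESOLVER = ->(host) { SAMPLE_DNS.fetch(host, []) }

# True when the address (given as a string) lies inside any blocked range.
def blocked_ip?(addr, blocks = BLOCKED_BLOCKS)
  ip = IPAddr.new(addr)
  # ::ffff:10.0.0.5 is 10.0.0.5 on the wire, so compare it as IPv4.
  ip = ip.native if ip.ipv4_mapped?
  blocks.any? { |block| block.family == ip.family && block.include?(ip) }
end

# True when the host part of the URL is already an IP literal.
def literal_ip?(host)
  IPAddr.new(host)
  true
rescue IPAddr::Error
  false
end

# Allow a webhook only if it is http(s) and every resolved address is outside
# the blocked ranges. Unparseable URLs and unresolvable hosts are refused.
def webhook_allowed?(url, resolver = RESOLVER, blocks = BLOCKED_BLOCKS)
  uri = URI.parse(url)
  return false unless %w[http https].include?(uri.scheme) && uri.hostname
  host = uri.hostname # strips the brackets from IPv6 literals
  addrs = literal_ip?(host) ? [host] : resolver.call(host)
  return false if addrs.empty?
  addrs.none? { |addr| blocked_ip?(addr, blocks) }
rescue URI::InvalidURIError, IPAddr::Error
  false
end
```

A production check would also connect to the exact address it validated, so that a second DNS lookup cannot return a different answer.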
Reference
https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr