Discourse SNS webhook RCE

A vulnerability, which was classified as critical, has been found in Discourse (affected version not known). Affected by this issue is an unknown function of the file /webhooks/aws. The manipulation of the argument subscribe_url with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-74. Impacted is confidentiality, integrity, and availability.

The weakness was published 10/21/2021 as GHSA-jcjx-pvpc-qgwq. The advisory is available at This vulnerability is handled as CVE-2021-41163 since 09/15/2021. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Oracle MySQL JDBC XXE vulnerability (CVE-2021-2471)

Google Chrome Bug Worth for $6K: Use After Free (CVE-2021-30573)