Vulnerability Database

309,083

Total vulnerabilities in the database

CVE-2022-39241

Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest stable, beta, and test-passed versions are now patched. As a workaround, self-hosters can use DISCOURSE_BLOCKED_IP_BLOCKS env var (which overrides blocked_ip_blocks setting) to stop webhooks from accessing private IPs.

Published: Nov 2, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-39241
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.6
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
discourse / discourse	2.9.0-beta1	2.9.0-beta1.x
discourse / discourse	2.9.0-beta2	2.9.0-beta2.x
discourse / discourse	2.9.0-beta3	2.9.0-beta3.x
discourse / discourse	2.9.0-beta4	2.9.0-beta4.x
discourse / discourse	2.9.0-beta5	2.9.0-beta5.x
discourse / discourse	2.9.0-beta7	2.9.0-beta7.x
discourse / discourse	2.9.0-beta8	2.9.0-beta8.x
discourse / discourse	2.9.0-beta6	2.9.0-beta6.x
discourse / discourse	2.9.0-beta9	2.9.0-beta9.x
discourse / discourse	2.9.0-beta10	2.9.0-beta10.x
discourse / discourse	-	2.8.10

https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo