Discourse versions 2.7.8 and earlier are plagued with a critical bug, that if exploited can let hackers execute commands on the hijacked systems remotely. A public scanning through Shodan revealed that all Discourse SaaS instances have been secured.
Discourse RCE Bug
Discourse is an open-source online forum and mailing list software, used by millions daily. Considering its regular traffic, CISA has issued a warning notice to all those developers using Discourse to update the software immediately. This is because the software is found to have a critical RCE bug, which can be exploited by malicious actors by sending a specially crafted file to a vulnerable Discourse client. This bug was tagged as CVE-2021-41163 and noted as critical by CISA. It’s explained as “a validation bug in the upstream aws-sdk-sns gem“, and found in Discourse versions 2.7.8 and earlier. An update to patch this bug was issued on Friday, where developers till then tried a temporary workaround of “requests with a path starting /webhooks/aws could be blocked at an upstream proxy.” While CISA triggers everyone to update to the latest version, a general scanning by BleepingComputer through Shodan has found that all the Discourse SaaS instances online are patched. In a statement to ZDNet, Saryu Nayyar the CEO of cybersecurity company Gurucul said
