CVE-2024-40588: 
Fortimail vulnerability analysis and mitigation

Discourse, an open-source discussion platform, was found to contain a denial of service vulnerability prior to version 3.1.1 of the 'stable' branch and version 3.2.0.beta1 of the 'beta' and 'tests-passed' branches. The vulnerability was discovered and disclosed in September 2023, affecting all versions of Discourse before the patched releases (GitHub Advisory).

The vulnerability allows a malicious user to add a 2FA or security key with a carefully crafted name to their account, which could trigger a denial of service condition affecting other users. The issue has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-770: Allocation of Resources Without Limits or Throttling (NVD).

When exploited, this vulnerability can cause a denial of service condition that affects other users of the Discourse platform. The attack impacts the availability of the service while leaving confidentiality and integrity unaffected, as indicated by the CVSS metrics (GitHub Advisory).

The vulnerability has been patched in version 3.1.1 of the 'stable' branch and version 3.2.0.beta1 of the 'beta' and 'tests-passed' branches. There are no known workarounds for this vulnerability, making it critical for affected installations to upgrade to the patched versions (GitHub Advisory).