Discourse Vulnerability [False Positive]

It appears there is a CVE out for the discourse admin page. 100005 DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892.

Cloudflare was triggered while trying to update my discourse installation it 403’d this URI /admin/docker/latest?path=%2Fvar%2Fwww%2Fdiscourse&version=c093fa0&branch=origin%2Ftests-passed

This prevented update checking to continue. Whitelisting my IP in cloudflare resolved this issue.

Neither of these are related to Discourse. Recommend you take this up with cloudflare and disable the orange cloudflare acceleration button


Cool deal I’ll flag this as a false positive on my end and move on thanks Sam!