Discourse Vulnerability [False Positive]

arcreigh · June 10, 2019, 8:59pm

It appears there is a CVE out for the discourse admin page. 100005 DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892.

Cloudflare was triggered while trying to update my discourse installation it 403’d this URI /admin/docker/latest?path=%2Fvar%2Fwww%2Fdiscourse&version=c093fa0&branch=origin%2Ftests-passed

This prevented update checking to continue. Whitelisting my IP in cloudflare resolved this issue.

sam · June 10, 2019, 9:12pm

Neither of these are related to Discourse. Recommend you take this up with cloudflare and disable the orange cloudflare acceleration button

arcreigh · June 10, 2019, 9:28pm

Cool deal I’ll flag this as a false positive on my end and move on thanks Sam!

Topic		Replies	Views
Blank page / Error after updating due to cloudflare settings Support	17	2240	December 10, 2018
Cloudflare or plugins breaking my Discourse instance? Support	20	2175	June 9, 2020
Query regarding adding Cloudflare Installation	6	890	April 4, 2020
Discourse Account Activation - Insecure Page Error Installation	4	808	April 17, 2019
Fresh install stalling at admin access Installation	4	695	March 15, 2019

Discourse Vulnerability [False Positive]

Related topics