CVE-2024-55948

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest version

Description Discourse is an open source platform for community discussion. In affected versions, an attacker can make a crafted XHR request to poison the anonymous cache, which may have a response with missing preloaded data. This issue only affects anonymous visitors of the site.

Recommendations For versions prior to the latest version, update to the latest version to resolve the issue. As a temporary workaround for users unable to upgrade, disable anonymous cache by setting the DISCOURSE DISABLE ANON CACHE environment variable to a non-empty value.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

BIT-DISCOURSE-2024-55948

CVE-2024-55948

GHSA-2352-252Q-QC82

Affected Products

Discourse

CVE-2024-55948

Weakness Enumeration

Related Identifiers

Affected Products

References · 8