Vulnerability Description
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 2.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce78172PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53wThird Party Advisory
- https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce78172PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53wThird Party Advisory
FAQ
What is CVE-2022-24824?
CVE-2022-24824 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler...
How severe is CVE-2022-24824?
CVE-2022-24824 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24824?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.