Vulnerability Description
discourse-group-membership-ip-block is a Discourse plugin that adds users to groups based on their IP address. The plugin was sending all group custom fields to the client, including group custom fields from other plugins, which may expect their custom fields to remain secret.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Group Membership Ip Blocks | - |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b (Patch)
- https://github.com/discourse/discourse-group-membership-ip-block/security/adviso (Vendor Advisory)
FAQ
What is CVE-2024-24755?
CVE-2024-24755 is a vulnerability with a CVSS score of 4.3 (MEDIUM). discourse-group-membership-ip-block is a Discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom field...
How severe is CVE-2024-24755?
CVE-2024-24755 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-24755?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Group Membership Ip Blocks.