Vulnerability Description
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation contained HTML entities, those could leak into the Discourse application when a user visited a post with a onebox of that conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from the `ai bot public sharing allowed groups` site setting.
CVSS Score
9.0 (CRITICAL)
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5
- https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88j
FAQ
What is CVE-2024-54142?
CVE-2024-54142 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Disco...
How severe is CVE-2024-54142?
CVE-2024-54142 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-54142?
Yes. As stated in the description above, the issue was addressed in commit `92f122c` and users are advised to update; users unable to update may remove all groups from the `ai bot public sharing allowed groups` site setting. Check the references section above for the vendor advisory and patch information, and review vendor security bulletins for remediation guidance.