8.2

CVE-2024-47773

EPSS 1.59%
Veröffentlicht 08.10.2024 18:15:30
Zuletzt bearbeitet 26.08.2025 16:58:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Discourse ≫ Discourse SwEditionstable Version < 3.3.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.59%	0.725

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47773

EUVD