CVE-2024-54142

EPSS 0.14%
Veröffentlicht 14.01.2025 23:15:08
Zuletzt bearbeitet 14.01.2025 23:15:08
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerdiscourse

≫

Produkt discourse-ai

Version < 92f122c

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.348

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5b4c42c73f

https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88jv

https://nvd.nist.gov/vuln/detail/CVE-2024-54142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-54142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-54142

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-54142