8.2

CVE-2024-55948

EPSS 0.24%
Veröffentlicht 04.02.2025 21:15:27
Zuletzt bearbeitet 26.08.2025 16:59:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing  preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Discourse ≫ Discourse SwEditionstable Version < 3.3.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://github.com/discourse/discourse/security/advisories/GHSA-2352-252q-qc82

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-55948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-55948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-55948

EUVD