CVE-2022-24824 - OpenCVE

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse::::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta1::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta2::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta3::::::

No data.

References

Link	Providers
https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e
https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-04-14T21:15:14

Updated: 2024-08-03T04:20:50.534Z

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-24824

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-14T22:15:07.827

Modified: 2022-04-22T19:53:10.497

Link: CVE-2022-24824

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "discourse", "vendor": "discourse", "versions": [{"status": "affected", "version": "< 2.8.3"}, {"status": "affected", "version": "< 2.9.0.beta4"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-14T21:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e"}], "source": {"advisory": "GHSA-46v9-3jc4-f53w", "discovery": "UNKNOWN"}, "title": "Anonymous user cache poisoning in discourse", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24824", "STATE": "PUBLIC", "TITLE": "Anonymous user cache poisoning in discourse"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "discourse", "version": {"version_data": [{"version_value": "< 2.8.3"}, {"version_value": "< 2.9.0.beta4"}]}}]}, "vendor_name": "discourse"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"}]}]}, "references": {"reference_data": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w"}, {"name": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e"}]}, "source": {"advisory": "GHSA-46v9-3jc4-f53w", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.534Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24824", "datePublished": "2022-04-14T21:15:14", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.534Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9653E97-F0B1-4559-AF43-F202A84403D2", "versionEndExcluding": "2.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para la discusi\u00f3n comunitaria. En las versiones afectadas, un atacante puede envenenar la cach\u00e9 para usuarios an\u00f3nimos (es decir, que no han iniciado sesi\u00f3n), de tal manera que a usuarios les es mostrado la vista del rastreador del sitio en lugar de la p\u00e1gina HTML. Esto puede conllevar a una denegaci\u00f3n de servicio parcial. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de prueba de Discourse. No se presentan medidas de mitigaci\u00f3n conocidas para este problema"}], "id": "CVE-2022-24824", "lastModified": "2022-04-22T19:53:10.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-04-14T22:15:07.827", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/b72b0dac10493d09f4f9eb8f3c3ce7817295e34e"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-46v9-3jc4-f53w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "security-advisories@github.com", "type": "Primary"}]}