CVE-2020-24327

discourse/discourse

on github

Published

September 23, 2021

Severity

CVSS v3:

5.3 MEDIUM

CVSS v2:

5 MEDIUM

Description

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

References

https://github.com/discourse/discourse/pull/10509
https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:discourse:discourse:2.3.2:::::::*	n/a	n/a	2.3.2
cpe:2.3:a:discourse:discourse:2.6.0:-::::::	n/a	n/a	2.6.0

External Links

NVD - CVE-2020-24327