BIT-discourse-2020-24327

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2020-24327.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-discourse-2020-24327

Aliases

CVE-2020-24327

Published

2024-03-06T11:10:18.981Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:discourse:discourse:2.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.6.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.3.2

Fixed

2.3.3

Introduced

2.6.0

Fixed

2.6.1