CVE-2024-23654

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.
Configurations

Configuration 1 (hide)

cpe:2.3:a:discourse:ai:*:*:*:*:*:*:*:*

History

05 Feb 2025, 22:04

Type Values Removed Values Added
First Time Discourse
Discourse ai
CPE cpe:2.3:a:discourse:ai:*:*:*:*:*:*:*:*
References () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd - () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd - Patch
References () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc - () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc - Vendor Advisory

21 Nov 2024, 08:58

Type Values Removed Values Added
References () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd - () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd -
References () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc - () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc -

22 Feb 2024, 19:07

Type Values Removed Values Added
Summary
  • (es) discurso-ai es el complemento de inteligencia artificial para la plataforma de discusión de código abierto Discourse. Antes del commit 94ba0dadc2cf38e8f81c3936974c167219878edd, las interacciones con diferentes servicios de IA son vulnerables a ataques SSRF iniciados por el administrador. Las versiones del complemento que incluyen el commit 94ba0dadc2cf38e8f81c3936974c167219878edd contienen un parche. Como workaround, se puede desactivar el complemento discurso-ai.

21 Feb 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-21 21:15

Updated : 2025-02-05 22:04


NVD link : CVE-2024-23654

Mitre link : CVE-2024-23654

CVE.ORG link : CVE-2024-23654


JSON object : View

Products Affected

discourse

  • ai
CWE
CWE-918

Server-Side Request Forgery (SSRF)