discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.
References
Configurations
History
05 Feb 2025, 22:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Discourse
Discourse ai |
|
CPE | cpe:2.3:a:discourse:ai:*:*:*:*:*:*:*:* | |
References | () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd - Patch | |
References | () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc - Vendor Advisory |
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd - | |
References | () https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc - |
22 Feb 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Feb 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-21 21:15
Updated : 2025-02-05 22:04
NVD link : CVE-2024-23654
Mitre link : CVE-2024-23654
CVE.ORG link : CVE-2024-23654
JSON object : View
Products Affected
discourse
- ai
CWE
CWE-918
Server-Side Request Forgery (SSRF)