CVE-2022-24824
Summary
| CVE | CVE-2022-24824 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 22:15:00 UTC |
| Updated | 2022-04-22 19:53:00 UTC |
| Description | Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. |
Risk And Classification
Problem Types: CWE-829
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SECURITY: Ensure user-agent-based responses are cached separately (st… · discourse/discourse@b72b0da · GitHub | MISC | github.com | |
| Anonymous user cache poisoning via maliciously formed request · Advisory · discourse/discourse · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.