CVE-2020-24327
MEDIUMDiscourse 2.3.2 and 2.6 - Server-Side Request Forgery via Email Image Upload
Title source: llmDescription
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/discourse/discourse/pull/10509
Scores
CVSS v3
5.3
EPSS
0.0019
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-918
Status
published
Products (2)
discourse/discourse
2.3.2
discourse/discourse
2.6.0
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026