CVE-2024-47773

HIGH

Discourse < 3.3.2 - Unauthenticated Cache Poisoning via XHR Requests

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-47773. PoCs published by İbrahimsql, ibrahmsql.

AI-analyzed exploit summary This exploit demonstrates a cache poisoning vulnerability in Discourse by sending multiple XHR requests to poison the cache with responses lacking preloaded data, affecting anonymous users. It targets specific endpoints and verifies the poisoning through response analysis.

Description

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Exploits (2)

exploitdb WORKING POC

by İbrahimsql · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52358

View Code ZIP pw:eip

This exploit demonstrates a cache poisoning vulnerability in Discourse by sending multiple XHR requests to poison the cache with responses lacking preloaded data, affecting anonymous users. It targets specific endpoints and verifies the poisoning through response analysis.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Discourse < latest (patched), specifically 3.1.x, 3.2.x

No auth needed

Prerequisites: Target running vulnerable Discourse version · Anonymous cache enabled · Network access to the target

MITRE ATT&CK

T1595.003 - Wordlist Scanning T1598 - Phishing for Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by ibrahmsql · poc

https://github.com/ibrahmsql/CVE-2024-47773

View Code ZIP pw:eip

This PoC demonstrates a cache poisoning vulnerability in Discourse by sending multiple XHR requests to poison the anonymous user cache, leading to responses without preloaded data. It targets specific endpoints and verifies the poisoning effect.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Discourse < latest (patched)

No auth needed

Prerequisites: Access to a vulnerable Discourse instance · Anonymous cache enabled

MITRE ATT&CK

T1505 - Server Software Component T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v

Scores

CVSS v3 8.2

EPSS 0.0159

EPSS Percentile 72.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-610

Status published

Products (1)

discourse/discourse < 3.3.2

Published Oct 08, 2024

Tracked Since Feb 18, 2026