SB2025020538 - Multiple vulnerabilities in Discourse
Published: February 5, 2025 Updated: July 1, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Origin validation error (CVE-ID: CVE-2024-55948)
CWE-ID: CWE-346 - Origin Validation Error
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the cache poisoning issue within XHR requests. A remote attacker can use a specially crafted XHR request to poison the anonymous cache.
2) Origin validation error (CVE-ID: CVE-2025-23023)
CWE-ID: CWE-346 - Origin Validation Error
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the cache poisoning issue within request headers. A remote attacker can use a specially crafted request with the right request headers to poison the anonymous cache.
3) Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-ID: CVE-2024-47773)
CWE-ID: CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to poison the anonymous cache and modify content served to anonymous visitors.
The vulnerability exists due to improper cache handling in the anonymous cache mechanism when processing XHR requests. A remote attacker can make several XHR requests to poison the anonymous cache and modify content served to anonymous visitors.
This issue only affects anonymous visitors of the site.
Remediation
Install update from vendor's website.