CVE-2020-24327

MEDIUM5.3EPSS 0.19%

Published: 3/6/2024Modified: 4/3/2025

Description

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

Affected packages (1)

Bitnami/discourse>= 2.3.2, < 2.3.3, >= 2.6.0, < 2.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (3)

WEBhttps://github.com/discourse/discourse/pull/10509
WEBhttps://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-24327