CVE-2024-23654 - Vulnerability Details - OpenCVE

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Discourse	Ai

Configuration 1 [-]

cpe:2.3:a:discourse:ai:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd
https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc

History

Wed, 05 Feb 2025 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Discourse Discourse ai
CPEs		cpe:2.3:a:discourse:ai::::::::
Vendors & Products		Discourse Discourse ai

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-21T20:28:12.939Z

Updated: 2024-08-01T23:06:25.361Z

Reserved: 2024-01-19T00:18:53.234Z

Link: CVE-2024-23654

Vulnrichment

Updated: 2024-08-01T23:06:25.361Z

NVD

Status : Analyzed

Published: 2024-02-21T21:15:09.060

Modified: 2025-02-05T22:04:36.977

Link: CVE-2024-23654

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23654", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-19T00:18:53.234Z", "datePublished": "2024-02-21T20:28:12.939Z", "dateUpdated": "2024-08-01T23:06:25.361Z"}, "containers": {"cna": {"title": "discourse-ai admin-initiated SSRF when interacting with AI services", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc"}, {"name": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd"}], "affected": [{"vendor": "discourse", "product": "discourse-ai", "versions": [{"version": "< 94ba0dadc2cf38e8f81c3936974c167219878edd", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-21T20:28:12.939Z"}, "descriptions": [{"lang": "en", "value": "discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.\n"}], "source": {"advisory": "GHSA-32cj-rm2q-22cc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:23:27.465919Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:54.681Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.361Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc"}, {"name": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "name": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "name": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.361Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:23:27.465919Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.553Z"}}], "cna": {"title": "discourse-ai admin-initiated SSRF when interacting with AI services", "source": {"advisory": "GHSA-32cj-rm2q-22cc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "discourse", "product": "discourse-ai", "versions": [{"status": "affected", "version": "< 94ba0dadc2cf38e8f81c3936974c167219878edd"}]}], "references": [{"url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "name": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "name": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-21T20:28:12.939Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23654", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:25.361Z", "dateReserved": "2024-01-19T00:18:53.234Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-21T20:28:12.939Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:ai:*:*:*:*:*:*:*:*", "matchCriteriaId": "884AE777-8F5B-401E-815D-71A4E7F8D8BF", "versionEndExcluding": "2024-02-21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.\n"}, {"lang": "es", "value": "discurso-ai es el complemento de inteligencia artificial para la plataforma de discusi\u00f3n de c\u00f3digo abierto Discourse. Antes del commit 94ba0dadc2cf38e8f81c3936974c167219878edd, las interacciones con diferentes servicios de IA son vulnerables a ataques SSRF iniciados por el administrador. Las versiones del complemento que incluyen el commit 94ba0dadc2cf38e8f81c3936974c167219878edd contienen un parche. Como workaround, se puede desactivar el complemento discurso-ai."}], "id": "CVE-2024-23654", "lastModified": "2025-02-05T22:04:36.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T21:15:09.060", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}