Search criteria
2 vulnerabilities found for discourse-group-membership-ip-block by discourse
CVE-2024-24755 (GCVE-0-2024-24755)
Vulnerability from nvd – Published: 2024-02-01 22:14 – Updated: 2024-08-01 23:28
VLAI
Title
discourse-group-membership-ip-block is exposing potentially sensitive custom fields
Summary
discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse-group-memb… | x_refsource_CONFIRM |
| https://github.com/discourse/discourse-group-memb… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| discourse | discourse-group-membership-ip-block |
Affected:
< b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T16:40:49.866944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:27.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m"
},
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "discourse-group-membership-ip-block",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:14:23.064Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m"
},
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
],
"source": {
"advisory": "GHSA-r38c-cp8w-664m",
"discovery": "UNKNOWN"
},
"title": "discourse-group-membership-ip-block is exposing potentially sensitive custom fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24755",
"datePublished": "2024-02-01T22:14:23.064Z",
"dateReserved": "2024-01-29T20:51:26.010Z",
"dateUpdated": "2024-08-01T23:28:11.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24755 (GCVE-0-2024-24755)
Vulnerability from cvelistv5 – Published: 2024-02-01 22:14 – Updated: 2024-08-01 23:28
VLAI
Title
discourse-group-membership-ip-block is exposing potentially sensitive custom fields
Summary
discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse-group-memb… | x_refsource_CONFIRM |
| https://github.com/discourse/discourse-group-memb… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| discourse | discourse-group-membership-ip-block |
Affected:
< b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T16:40:49.866944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:27.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m"
},
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "discourse-group-membership-ip-block",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:14:23.064Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m"
},
{
"name": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1"
}
],
"source": {
"advisory": "GHSA-r38c-cp8w-664m",
"discovery": "UNKNOWN"
},
"title": "discourse-group-membership-ip-block is exposing potentially sensitive custom fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24755",
"datePublished": "2024-02-01T22:14:23.064Z",
"dateReserved": "2024-01-29T20:51:26.010Z",
"dateUpdated": "2024-08-01T23:28:11.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}