CVE-2024-24827

Summary

CVE-2024-24827 is a vulnerability affecting Discourse, an open-source community discussion platform. This issue stems from the lack of a rate limit on the POST /uploads endpoint, making it simpler for attackers to launch a Denial of Service (DoS) attack against the server. The impact of this vulnerability can vary, depending on the specific site settings, such as `max_image_size_kb`, `max_attachment_size_kb`, and `max_image_megapixels`. The vulnerability is resolved in the latest stable, beta, and tests-passed versions of Discourse. Users are strongly encouraged to upgrade. For those unable to upgrade, reducing the aforementioned settings or limiting `client_max_body_size` in Nginx can provide additional protection against large uploads.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.