CVERadar

CVE-2024-53991

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.25193/1

CVE-2024-53991: Discourse instances configured to use FileStore::LocalStore are vulnerable, allowing attackers who know the backup filename to potentially retrieve backup files due to a misconfiguration issue with nginx. The SVRS score is 30. While the CVSS score is 0, indicating no immediate exploitability without specific configurations, the SVRS acknowledges a potential risk due to misconfiguration. This vulnerability can lead to sensitive data exposure if backup files are compromised. It's crucial to upgrade your Discourse instance to the latest patched version to mitigate this risk. Until the upgrade, consider disabling backups or changing the backup_location to S3 to safeguard backup data. Although not critically urgent (SVRS of 30), remediation is recommended to prevent potential information disclosure.

In The Wild: 2024-12-19

SOCRadar AI Insight

Description

CVE-2024-53991 is a vulnerability in Discourse, an open source platform for community discussion. This vulnerability allows attackers to potentially gain access to sensitive data stored in Discourse backups if the instance is configured to use FileStore::LocalStore. This means that uploads and backups are stored locally on the disk, making them vulnerable to unauthorized access through crafted requests.

The SOCRadar Vulnerability Risk Score (SVRS) for this vulnerability is 34, indicating a moderate risk. While the CVSS score is 7.5, which suggests a high severity, the SVRS takes into account other factors like threat actor activity, exploit availability, and potential impact.

Key Insights

  • Exploitation Method: This vulnerability can be exploited by attackers who know the name of the Discourse backup file. They can then craft a specially designed request to trick the nginx web server into sending the backup file, potentially exposing sensitive data.
  • Impact: Successful exploitation of this vulnerability could lead to the disclosure of sensitive data stored in Discourse backups, including user information, forum content, and potentially confidential data.
  • In The Wild: This vulnerability has been observed being actively exploited by hackers in the wild.
  • Threat Actor: The threat actor(s) exploiting this vulnerability have not been publicly identified.

Mitigation Strategies

  • Upgrade Discourse: The most effective mitigation strategy is to upgrade Discourse to the latest stable, beta, or tests-passed versions, which include a fix for this vulnerability.
  • Disable Backup Feature: If upgrading is not immediately possible, disable the enable_backups site setting and delete all existing local backups. This will prevent further backups from being created, mitigating the risk of data exposure.
  • Change Backup Location: Configure the backup_location site setting to s3, which will store backups on the S3 cloud platform, eliminating the local storage vulnerability.
  • Network Segmentation: Implement network segmentation to isolate the Discourse server from other critical systems, limiting the potential impact of a successful attack.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-53991 | Discourse FileStore::LocalStore information disclosure (GHSA-567m-82f6-56rv)
vuldb.com, 2024-12-19
A vulnerability classified as problematic has been found in Discourse. This affects the function FileStore::LocalStore. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-53991. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component

Social Media

52 new OPEN, 81 new PRO (52 + 29) Discourse (CVE-2024-53991), Github (CVE-2024-9487), Kubernetes (CVE-2023-5044), LandUpdate808, TA452, TA569, Win32/Lumma Stealer,Win32/XWorm, ZPHP https://t.co/eKTn1Vd157
19 new OPEN, 30 new PRO (19 + 11) Discourse Backup File Disclosure via Default Nginx Configuration (CVE-2024-53991), Next.js Middleware Authorization Bypass (CVE-2025-29927), SvcStealer, and more. Thanks @monitorsg https://t.co/rlATMjORPj
2️⃣ In #Discourse, a high severity #flaw could let attackers access backup files by crafting specific requests. Update to stable 3.3.3, beta 3.4.0.beta4, or tests-passed 3.4.0.beta4 to safeguard your data (Reference: CVE-2024-53991).

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://github.com/discourse/discourse/security/advisories/GHSA-567m-82f6-56rv

CWE Details

CWE ID: CWE-200
CWE Name: Exposure of Sensitive Information to an Unauthorized Actor
Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
