How severe is CVE-2022-24824?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-24824?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2022-24824 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2019-16951

MEDIUM

CVSS:5.3(Medium)

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST ...

CWE-8292019

CVE-2021-29777

MEDIUM

CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could a...

CWE-8292021

CVE-2022-24329

MEDIUM

CVSS:5.3(Medium)

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CWE-8292022

CVE-2022-31021

MEDIUM

CVSS:5.3(Medium)

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does ...

CWE-8292022

CVE-2021-20843

MEDIUM

CVSS:5.4(Medium)

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier all...

CWE-8292021

CVE-2020-13977

MEDIUM

CVSS:4.9(Medium)

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of th...

CWE-8292020