What is the severity of CVE-2024-24755?

CVE-2024-24755 has a moderate severity rating due to the potential exposure of sensitive group custom fields.

How do I fix CVE-2024-24755?

To fix CVE-2024-24755, update the Discourse Group Membership IP Block plugin to the latest version where the issue has been patched.

What vulnerabilities are associated with CVE-2024-24755?

CVE-2024-24755 can lead to unintended information disclosure as it exposes group custom fields to clients.

Which software is affected by CVE-2024-24755?

CVE-2024-24755 affects the Discourse Group Membership IP Blocks plugin.

What is the impact of CVE-2024-24755 on user data?

The impact of CVE-2024-24755 on user data is that it may lead to unauthorized users gaining access to sensitive group information.

Vulnerability/
CVE-2024-24755

medium

5.3

CWE

200

EPSS

0.046%

1/2/2024

1/8/2024

CVE-2024-24755: discourse-group-membership-ip-block is exposing potentially sensitive custom fields

First published: Thu Feb 01 2024(Updated: )

discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Group Membership Ip Blocks

Remedy

https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-24755?
CVE-2024-24755 has a moderate severity rating due to the potential exposure of sensitive group custom fields.
How do I fix CVE-2024-24755?
To fix CVE-2024-24755, update the Discourse Group Membership IP Block plugin to the latest version where the issue has been patched.
What vulnerabilities are associated with CVE-2024-24755?
CVE-2024-24755 can lead to unintended information disclosure as it exposes group custom fields to clients.
Which software is affected by CVE-2024-24755?
CVE-2024-24755 affects the Discourse Group Membership IP Blocks plugin.
What is the impact of CVE-2024-24755 on user data?
The impact of CVE-2024-24755 on user data is that it may lead to unauthorized users gaining access to sensitive group information.

agent/weakness
agent/references
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
agent/severity
agent/remedy
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/discourse
canonical/discourse group membership ip blocks

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.