SSRF Vulnerability in Discourse Email Function Allows Remote Website Picture Upload
CVE-2020-24327 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Learn more about our Web App Pen Testing.