SSRF Vulnerability in Discourse Email Function Allows Remote Website Picture Upload

SSRF Vulnerability in Discourse Email Function Allows Remote Website Picture Upload

CVE-2020-24327 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

Learn more about our Web App Pen Testing.