CVE-2024-37157

6.4 MEDIUM

📋 TL;DR

This vulnerability in Discourse allows an attacker who can submit a malicious image URL to redirect requests made by the FastImage library to IP addresses internal to the Discourse deployment, potentially enabling server-side request forgery (SSRF). All Discourse instances running vulnerable versions are affected. The attack requires that the attacker be able to submit image URLs to the platform.

💻 Affected Systems

Products:
  • Discourse
Versions: All versions before 3.2.3 on the stable branch, and before 3.3.0.beta4 on the beta and tests-passed branches
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Discourse installations are vulnerable if running affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker could access internal services, perform port scanning of internal networks, or interact with internal APIs to escalate privileges or exfiltrate sensitive data.

🟠 Likely Case

Information disclosure about internal network topology, potential access to internal services that shouldn't be exposed externally.

🟢 If Mitigated

Limited impact if network segmentation prevents internal service access from Discourse servers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to submit image URLs to Discourse (typically requires user account).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.3 on the stable branch, 3.3.0.beta4 on the beta and tests-passed branches

Vendor Advisory: https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68

Restart Required: Yes

Instructions:

1. Backup your Discourse instance.
2. Update to Discourse 3.2.3 (stable) or 3.3.0.beta4 (beta/tests-passed).
3. Restart the Discourse application.
4. Verify the update was successful.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Discourse servers from internal services.
  • Deploy web application firewall rules to block suspicious outbound requests from Discourse.

🔍 How to Verify

Check if Vulnerable:

Check Discourse version via admin panel or run: `cd /var/discourse && ./launcher status app`

Check Version:

cd /var/discourse && cat containers/app.yml | grep DISCOURSE_VERSION

Verify Fix Applied:

Confirm version is 3.2.3 or higher (stable) or 3.3.0.beta4 or higher (beta/tests-passed).

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Discourse to internal IP ranges
  • Failed image processing requests with internal IP addresses in URLs

Network Indicators:

  • Discourse server making unexpected HTTP requests to internal network segments

SIEM Query:

source="discourse.logs" AND (url CONTAINS "192.168." OR url CONTAINS "10." OR url CONTAINS "172.16." OR url CONTAINS "127.0.0.1")
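The substring query above is a rough filter: `"10."` also matches public addresses such as 210.5.5.5, and `"172.16."` covers only the first /16 of the 172.16.0.0/12 private range. The following added example (not from the advisory and not Discourse code) applies the same idea with proper address-range checks over constructed, assumed-format log lines, and it inspects the redirect target as well as the requested URL, since an external URL redirecting to an internal address is what this vulnerability is about.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample lines in an assumed "key=value" format; real Discourse
# logs will differ, so adapt the regex in URL_FIELD to your own log source.
SAMPLE_LOGS = [
    "2024-06-10T12:00:01Z fastimage url=https://cdn.example.com/a.png status=200",
    "2024-06-10T12:00:02Z fastimage url=https://cdn.example.com/b.png status=302 redirect=http://10.0.0.5/admin",
    "2024-06-10T12:00:03Z fastimage url=http://210.5.5.5/c.png status=200",
    "2024-06-10T12:00:04Z fastimage url=https://img.example.net/d.png status=302 redirect=http://172.31.4.2:8080/",
    "2024-06-10T12:00:05Z fastimage url=http://[::1]:3000/e.png status=200",
    "2024-06-10T12:00:06Z fastimage url=http://localhost/f.png status=200",
]

URL_FIELD = re.compile(r"\b(url|redirect)=(\S+)")


def is_internal_host(host):
    """True if host is a non-public address: RFC 1918, loopback, link-local
    (which includes the 169.254.169.254 cloud metadata address), or the
    name 'localhost'. Other hostnames return False; judging them needs DNS."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it is judged as IPv4.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.is_private or addr.is_loopback or addr.is_link_local


def internal_requests(lines):
    """Return (line_no, field, url) for every url= or redirect= value whose
    host is internal; the redirect= field is the one that catches an
    external URL bouncing FastImage to an internal address."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for field, url in URL_FIELD.findall(line):
            if is_internal_host(urlparse(url).hostname):
                hits.append((line_no, field, url))
    return hits


if __name__ == "__main__":
    for hit in internal_requests(SAMPLE_LOGS):
        print("ALERT line %d %s=%s" % hit)
```

On the sample lines this flags the two redirects to 10.0.0.5 and 172.31.4.2, the IPv6 loopback and localhost requests, and leaves the public 210.5.5.5 request alone.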
