CVE-2024-21658
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-21658 is a vulnerability in the discourse-calendar plugin for Discourse, which can lead to excessive bandwidth and disk space usage due to an overly generous limit on region value length. Affected products include versions of Discourse utilizing this plugin. The vulnerability has been assigned a medium severity rating, with an exploitability score of 2.8, and requires low privileges to exploit with no user interaction necessary. Organizations are advised to upgrade their Discourse instances promptly, as no workarounds are available for this issue. Failure to remediate could result in resource exhaustion and potential service disruptions.