CVE-2024-54142

Critical

Published: 14 January 2025

Published

14 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0026 49.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may gain access and continuously communicate with victims by injecting malicious content into systems through online network traffic.

Security Summary

CVE-2024-54142 is a cross-site scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 9.0 in the Discourse AI plugin, which adds AI features to the Discourse forum software. The flaw occurs when sharing Discourse AI Bot conversations into posts: if the conversation contains HTML entities, they can leak into the broader Discourse application when another user visits a post that includes a onebox preview of the conversation.

A low-privileged authenticated user (PR:L) can exploit this by generating or sharing an AI Bot conversation with malicious HTML entities. Exploitation requires low attack complexity (AC:L) over the network (AV:N) and user interaction (UI:R), such as a victim visiting the post with the onebox. Success grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with changed scope (S:C), potentially allowing attackers to execute arbitrary scripts in victims' browsers and compromise their sessions.

The issue was fixed in commit 92f122c54d9d7ead9223a056270bff5b4c42c73f of the discourse-ai repository, as detailed in the GitHub security advisory GHSA-94c2-qr2h-88jv. Discourse advises users to update the plugin. Those unable to update can mitigate by removing all groups from the `ai bot public sharing allowed groups` site setting.

Details

CWE(s): CWE-79

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Discourse AI is a plugin providing AI features including an AI Bot for conversations, fitting Enterprise AI Assistants as it integrates AI assistance into forum software. The vulnerability involves improper handling of HTML entities in shared AI bot conversations, leading to potential leakage into posts.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1659 Content Injection Initial Access

Adversaries may gain access and continuously communicate with victims by injecting malicious content into systems through online network traffic.

attack.mitre.org →

Why these techniques?

The vulnerability allows HTML entities from AI bot conversations to leak into Discourse posts via oneboxes, enabling exploitation of a public-facing web application (T1190) and content injection (T1659) for potential arbitrary code execution or impact.

References

https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5b4c42c73f
security-advisories@github.com
https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88jv
security-advisories@github.com