5 matches found
BIT-DISCOURSE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content was exposed, only metadata about who read the post...
CVE-2026-32620
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...
CVE-2026-33185 Discourse: Group SMTP test endpoint susceptible to SSRF
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...
CVE-2026-32620
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...
CVE-2026-32620
Summary: CVE-2026-32620 affects Discourse. From 2026.1.0-latest up to before 2026.1.3, 2026.2.0-latest up to before 2026.2.2, and 2026.3.0-latest up to before 2026.3.0, non-staff users could access read receipt metadata for staff-only posts they were not supposed to see. No post content was expos...