2 matches found
BIT-DISCOURSE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...
BIT-DISCOURSE-2026-30891 Discourse hasUnauthorized Exposure of Private User Action Types
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch...