Lucene search
K

8 matches found

OSV
OSV
added 2026/02/02 8:42 a.m.4 views

BIT-DISCOURSE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS5.3AI score0.00255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.9 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 9:16 p.m.7 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:11 p.m.7 views

CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:11 p.m.7 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/28 8:11 p.m.8 views

EUVD-2026-4869

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 8:11 p.m.19 views

CVE-2026-24742

Discourse (open‑source discussion platform) is affected in CVE-2026-24742 for versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The issue allows non‑admin moderators to view sensitive data in staff action logs that should be restricted to administrators, exposing webhook URLs and secre...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5212

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Non-admin moderators can view...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References8
Rows per page
Query Builder