19 matches found
CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...
CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...
CVE-2026-33415
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...
EUVD-2026-17574
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...
CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...
CVE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2023-31142
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...
EUVD-2023-35461
Malicious code in bioql PyPI...
BIT-DISCOURSE-2023-31142 Discourse's general category permissions could be set back to default
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...
CVE-2023-5549
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage...
PT-2023-32170 · Moodle +7 · Moodle +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient web service capability checks. This allowed users to move categories they had permission to manage to a parent...
CVE-2023-31142 Discourse's general category permissions could be set back to default
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...
PT-2023-23175 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 of the stable branch Discourse versions prior to 3.1.0.beta5 of the beta and tests-passed branches Description: Discourse is an open source discussion platform. If a site has modified their general category...
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.4 stable, and prior to 3.1.0.beta5, which stems from the possibility that if a site modifies the regular...
CVE-2022-24804
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
Design/Logic Flaw
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
CVE-2022-24804 Private group name exposure in discourse
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
Discourse 信息泄露漏洞
Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that when a group with restricted visibility is used to set permissions for...
PT-2022-16890 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.3 Discourse beta versions prior to 2.9.0.beta4 Description: The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted...