5 matches found
Discourse 3.5.x < 3.5.0.beta8 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2025-49845
creationtimestamp| type| source ---|---|--- 2025-06-25 15:52:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19464...
CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
CVE-2025-49845
Discourse has a vulnerability (CVE-2025-49845) where users on versions prior to 3.4.6 (stable) or 3.5.0.beta8-dev (tests-passed) can still view their own whispers after losing visibility to posts typed whisper. The issue is fixed in 3.4.6 and 3.5.0.beta8-dev. No publicly provided workarounds are ...