Lucene search
K

6 matches found

OSV
OSV
added 2026/03/03 1:29 p.m.4 views

BIT-DISCOURSE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.7 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 7:57 p.m.5 views

EUVD-2026-8890

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.4AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 7:57 p.m.7 views

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References3
OSV
OSV
added 2020/03/16 4:15 p.m.2 views

UBUNTU-CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3CVSS7AI score0.00401EPSS
Exploits1References3
PyPA
PyPA
added 2020/03/16 4:15 p.m.6 views

PYSEC-2020-8

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3CVSS6.2AI score0.00401EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder