4 matches found
CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-24817
CVE-2024-24817 concerns the Discourse Calendar plugin. Prior to version 0.4, event invitees created in topics in private categories or private messages could be retrieved by anyone, even when not logged in. The issue is resolved in version 0.4 of the discourse-calendar plugin. Some partial mitiga...
CVE-2024-24817 User can see invitees in events created in PMs and private categories
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...