6 matches found
BIT-DISCOURSE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership group and...
CVE-2026-31869
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...
CVE-2026-31869
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...
CVE-2026-31869
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...
CVE-2026-31869
Product/impact: Discourse, an open-source discussion platform, is affected by CVE-2026-31869 prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause: The ComposerController#mentions endpoint can reveal hidden group membership to any authenticated user who can message the group by ...
PT-2026-26543
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The ComposerControllermentions API endpoint reveals hidden gro...