Lucene search
K

9 matches found

OSV
OSV
added 2026/03/27 7:10 a.m.1 views

BIT-DISCOURSE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership group and...

5.3CVSS6AI score0.00179EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 3:15 a.m.4 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:10 a.m.1 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/20 3:10 a.m.3 views

EUVD-2026-13496

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 3:10 a.m.11 views

CVE-2026-31869

Product/impact: Discourse, an open-source discussion platform, is affected by CVE-2026-31869 prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause: The ComposerController#mentions endpoint can reveal hidden group membership to any authenticated user who can message the group by ...

5.3CVSS6AI score0.00179EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 3:10 a.m.23 views

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS0.00179EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These vulnerabilities stem from...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26543

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The ComposerControllermentions API endpoint reveals hidden gro...

5.3CVSS6AI score0.00179EPSS
Exploits0References5
Rows per page
Query Builder