CVE-2024-53991
Discourse backup file disclosure via default Nginx configuration (CVE-2024-53991) affects Discourse instances using FileStore::LocalStore for local uploads/backups. Attackers who know a backup filename can trick nginx into serving the backup file, exposing complete backups with sensitive data. Th...