3 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of token scope restrictions in the /api/v1/user route group. An attacker can gain unauthorized access to or modify private account resources by using a token or OAuth grant marked as public-only,...
BIT-DISCOURSE-2026-30891 Discourse hasUnauthorized Exposure of Private User Action Types
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch...
CVE-2026-30891 Discourse hasUnauthorized Exposure of Private User Action Types
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...