3 matches found
CVE-2026-23743
Summary of CVE-2026-23743 (Discourse) : Prior to versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks to access-restricted resources (private topics/categories/posts/hidden tags) could redirect to URLs containing the resource slug in the Location header or 404 search box, leaking potent...
CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...
CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...