Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/02/26 7:19 p.m.21 views

CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 7:19 p.m.6 views

EUVD-2026-8878

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:19 p.m.2 views

CVE-2026-26973

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/26 7:19 p.m.9 views

CVE-2026-26973

Summary: CVE-2026-26973 affects Discourse before versions 2025.12.2, 2026.1.1, and 2026.2.0, where an IDOR in the ReviewableNotesController allows a user in a category moderation group to create or delete notes on any reviewable when enable_category_group_moderation is on. Root cause: unscoped Re...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2010/06/17 8:46 a.m.15 views

Can not UPDATE the "Viewable By" field of an issue

After the creation of an issue it is by default viewable by "All Users". It is not possible to change the value after re-editing that issue. After changing it and clicking the "Update" button, the viewable by entry stays "All Users"...

3.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/06/17 8:46 a.m.24 views

Can not UPDATE the "Viewable By" field of an issue

After the creation of an issue it is by default viewable by "All Users". It is not possible to change the value after re-editing that issue. After changing it and clicking the "Update" button, the viewable by entry stays "All Users"...

3.9AI score
Exploits0Affected Software1
Rows per page
Query Builder