CVE-2022-24866
CVE-2022-24866 affects the Discourse Assign plugin; before 1.0.1, UserBookmarkSerializer exposed full User/Group data to parties allowed to view assignment info, risking private information leakage. Version 1.0.1 contains a patch; no public workarounds are documented. Remediation is to upgrade to...