flarum/core is vulnerable to Information Disclosure. The vulnerability exists because the sync function in NotificationSyncer.php does not check whether the restricted subject can be seen by the receiver, which allows an attacker to bypass access checks and gain access to sensitive posts.
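The missing check, shown as an added example on a simplified model (not code from Flarum or from this advisory): notification recipients are filtered by whether they can see the subject. The User and Post classes, the group-based visibility rule and the function names syncUnchecked and syncChecked are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified, hypothetical model; these are not Flarum's classes or API.
final class User {
    public function __construct(public int $id, public array $groups) {}
}

final class Post {
    // $visibleTo: groups allowed to read this post (assumed access model).
    public function __construct(public int $id, public array $visibleTo) {}

    public function isVisibleTo(User $user): bool {
        return count(array_intersect($this->visibleTo, $user->groups)) > 0;
    }
}

// Before: every requested recipient gets a notification that references the
// subject, whether or not that recipient is allowed to read it.
function syncUnchecked(Post $subject, array $recipients): array {
    return array_map(fn (User $u) => $u->id, $recipients);
}

// After: recipients who cannot see the subject are dropped before any
// notification is stored or sent.
function syncChecked(Post $subject, array $recipients): array {
    $allowed = array_filter($recipients, fn (User $u) => $subject->isVisibleTo($u));
    return array_values(array_map(fn (User $u) => $u->id, $allowed));
}

// Constructed sample data: a staff-only post, one staff user, one regular member.
$post   = new Post(42, ['staff']);
$staff  = new User(1, ['staff', 'members']);
$member = new User(2, ['members']);

echo 'unchecked recipients: ', implode(',', syncUnchecked($post, [$staff, $member])), PHP_EOL;
echo 'checked recipients:   ', implode(',', syncChecked($post, [$staff, $member])), PHP_EOL;
```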
CPE | Name | Operator | Version |
---|---|---|---|
flarum/core | le | v1.6.2 | |
github.com/advisories/GHSA-8gcg-vwmw-rxj4
github.com/flarum/framework/commit/a131e87911b6c0499c2f0472d985164f5ff0c3c4
github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a
github.com/flarum/framework/releases/tag/v1.6.3
github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4