Discourse

238 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.05%
  • Published 20.03.2026 23:12:30
  • Last modified 24.03.2026 19:41:56

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when us...

  • EPSS 0.04%
  • Published 20.03.2026 23:08:11
  • Last modified 24.03.2026 19:38:59

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, ...

  • EPSS 0.03%
  • Published 20.03.2026 23:06:21
  • Last modified 25.03.2026 19:12:32

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workaroun...

  • EPSS 0.03%
  • Published 20.03.2026 23:04:45
  • Last modified 24.03.2026 21:11:46

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `ip_address` of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP...

  • EPSS 0.04%
  • Published 20.03.2026 22:58:14
  • Last modified 24.03.2026 21:11:01

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. ...

  • EPSS 0.03%
  • Published 20.03.2026 22:56:06
  • Last modified 24.03.2026 21:10:46

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versi...

  • EPSS 0.03%
  • Published 20.03.2026 22:52:37
  • Last modified 24.03.2026 20:55:18

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3....

  • EPSS 0.03%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:00:25

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 20...

  • EPSS 0.04%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:11:14

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0...

  • EPSS 0.1%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:17:35

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of po...