CVE-2026-33251

MEDIUM5.4EPSS 0.06%

Discourse has a Hidden Solved topics permission bypass

發布日:2026/3/27修改日:2026/4/2

描述

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure only trusted users are part of the Site Setting for accept_all_solutions_allowed_groups.

受影響套件(1)

Bitnami/discourse>= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

參考連結(2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-vm2x-9h8x-7jxm
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-33251