CVE-2026-33291

EPSS 0.02%

Discourse user can create Zendesk tickets even when it does not have access to topic

發布日:2026/3/27修改日:2026/4/2

也稱為:GHSA-p26h-jqr4-r6j7BIT-discourse-2026-33291

描述

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

受影響套件(1)

Bitnami/discourse>= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

參考連結(2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-p26h-jqr4-r6j7
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-33291