CVE-2026-33408
LOW2.7EPSS 0.01%Discourse has Improper Authorization in "Post Edits" Report For Moderators
發布日:2026/3/27修改日:2026/4/2
描述
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
受影響套件(1)
- Bitnami/discourse>= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
參考連結(5)
- WEBhttps://github.com/discourse/discourse/commit/3bf3793a708662716c0a4eaf64ae091abe71ab4c
- WEBhttps://github.com/discourse/discourse/commit/473288219e93cd17576cf15e4f0b9e388a31d0c1
- WEBhttps://github.com/discourse/discourse/commit/62721429d4402505d21280bcbe5894032447d800
- WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-wf9r-386h-g29c
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-33408