Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse Policy plugin private group members visible
Vulnerability Description
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Discourse Policy 信息泄露漏洞
Vulnerability Description
Discourse Policy是Discourse开源的一个插件,通过提醒确认用户已看到或做过某事。 Discourse Policy 0.1.1之前版本存在信息泄露漏洞,该漏洞源于未正确处理私有组策略,可能导致组成员信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A