Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership
Vulnerability Description
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2026.3.0-latest.1之前版本、2026.2.1之前版本和2026.1.2之前版本存在安全漏洞,该漏洞源于具有提升群组成员资格的非工作人员用户可访问任何用户的已删除帖子,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A