BIT-discourse-2026-27162
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2026-27162.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2026-27162
- Aliases
-
- CVE-2026-27162
- GHSA-gffm-43j4-372w
- Published
- 2026-03-03T13:29:27.139Z
- Modified
- 2026-03-03T14:25:56.724463Z
- Summary
- DIscourse doesn't prevent whispers to leak in excerpts
- Details
-
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0,
posts_nearbywas checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. UsePost.secured(guardian)to properly filter post types based on user permissions. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. - Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 4.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator