BIT-discourse-2026-33408
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2026-33408.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2026-33408
- Aliases
-
- CVE-2026-33408
- GHSA-wf9r-386h-g29c
- Published
- 2026-03-27T07:10:59.380Z
- Modified
- 2026-04-02T13:41:05.258933512Z
- Summary
- Discourse has Improper Authorization in "Post Edits" Report For Moderators
- Details
-
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
- Database specific
{ "severity": "Low", "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ] }- References
-
- https://github.com/discourse/discourse/commit/3bf3793a708662716c0a4eaf64ae091abe71ab4c
- https://github.com/discourse/discourse/commit/473288219e93cd17576cf15e4f0b9e388a31d0c1
- https://github.com/discourse/discourse/commit/62721429d4402505d21280bcbe5894032447d800
- https://github.com/discourse/discourse/security/advisories/GHSA-wf9r-386h-g29c
- https://nvd.nist.gov/vuln/detail/CVE-2026-33408
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator