BIT-discourse-2026-33428
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2026-33428.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2026-33428
- Aliases
-
- CVE-2026-33428
- GHSA-frcw-p4mc-x6mp
- Published
- 2026-03-27T07:11:24.928Z
- Modified
- 2026-04-02T13:41:16.797855382Z
- Summary
- Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership
- Details
-
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
- Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 4.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator