Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
{
"cwe_ids": [
"CWE-200"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47288.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "0.1.1"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "GitHub_M"
}