CNNVD-202506-3177 Information

CNNVD ID

CNNVD-202506-3177

Related CVE

CVE-2025-49845

• CNNVD Published: 2025-06-25

Description (Chinese)

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.4.6之前版本和3.5.0.beta8-dev之前版本存在信息泄露漏洞，该漏洞源于用户可继续查看自己的私密帖子。

Description (English)

Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is an information leakage loophole in previous versions of Discourse 3.4.6 and 3.5.0.beta8-dev, which stems from the fact that users can continue to view their private messages.

Hazard Level

Medium

Vulnerability Type

信息泄露

Affected Vendor

Diskover

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf https://nvd.nist.gov/vuln/detail/CVE-2025-49845

Patch

https://github.com/discourse/discourse/tags