CNNVD-202601-4655 Information
CNNVD ID
CNNVD-202601-4655
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在信息泄露漏洞,该漏洞源于指向受限资源的永久链接会重定向用户,可能导致信息泄露。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is an information leakage loophole in previous versions of Discourse 3.5.4, 2025.11.2, 2025.12.1 and before 2026.1.0, which stems from the re-targeting of the permanent link to restricted resources, which may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-v5jw-rxc6-4cvv https://access.redhat.com/security/cve/cve-2026-23743
Patch
https://github.com/discourse/discourse/tags
Share on: