CNNVD-202601-4694 Information
CNNVD ID
CNNVD-202601-4694
Related CVE
- CNNVD Published: 2026-01-28
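Description (translated from Chinese)
Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as communities, e-mail and chat rooms. Discourse versions before 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0 contain a security vulnerability that stems from an endpoint allowing any authenticated user to bypass the ai_discover_persona access control, which may lead to unauthorized data disclosure and account impersonation.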
Description (English)
Discourse is an open-source community discussion platform from Discourse. The platform includes community, e-mail and chat room features. Discourse versions before 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0 contain a security vulnerability: an endpoint allows any authenticated user to bypass the ai_discover_persona access control, which may lead to unauthorized data leaks and account impersonation.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-mrvm-rprq-jqqh
https://access.redhat.com/security/cve/cve-2025-68660
Patch
https://github.com/discourse/discourse/tags