CNNVD-202601-4696 Information

CNNVD ID

CNNVD-202601-4696

Related CVE

CVE-2025-68479

• CNNVD Published: 2026-01-28

Description (Chinese)

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在安全漏洞，该漏洞源于部分订阅端点在更改前缺乏适当的归属权检查。

Description (English)

Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in previous versions of Discourse 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0, which stems from the lack of proper ownership checks at some subscriber endpoints before change.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Discourse

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/discourse/discourse/security/advisories/GHSA-6gjr-5897-m327 https://access.redhat.com/security/cve/cve-2025-68479

Patch

https://github.com/discourse/discourse/tags