PT-2026-26543 · Discourse · Discourse

Jomaxro · Published 2026-03-20 · Updated 2026-03-27 · CVE-2026-31869

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 2026.3.0-latest.1
Discourse versions prior to 2026.2.1
Discourse versions prior to 2026.1.2

Description

Discourse is an open-source discussion platform. The ComposerController#mentions API endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying `allowed_names` referencing a hidden-membership group and probing arbitrary usernames, an attacker can infer membership based on whether `user_reasons` returns "private" for a given user. This bypasses group member-visibility controls.

Recommendations

Restrict the messageable policy of any hidden-membership group to staff or group members only, so untrusted users cannot reach the vulnerable code path.


Tags: Improper Authorization · Information Disclosure · IDOR


Weakness Enumeration

Related identifiers

BIT-DISCOURSE-2026-31869
CVE-2026-31869
GHSA-5F9H-VP7V-7VQ5

Affected products

Discourse