Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 27/07/2021 Updated: 05/08/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Discourse is an open source discussion platform. In versions before 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.

Vulnerable Product	Search on Vulmon	Subscribe to Product
discourse discourse

CWE-668 https://github.com/discourse/discourse/commit/dbdf61196d9e964e8823793d2e7f856595fea4d9 https://github.com/discourse/discourse/security/advisories/GHSA-v6xg-q577-vc92 https://github.com/discourse/discourse/commit/680024f9071b7696e5a444a58791016c6dc1f1e5 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-32788

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect