Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-07-27T21:40:11
Updated: 2024-08-03T23:33:55.835Z
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32788
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-07-27T22:15:07.597
Modified: 2024-11-21T06:07:44.510
Link: CVE-2021-32788
Redhat
No data.