Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-07-27T21:40:11

Updated: 2024-08-03T23:33:55.835Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32788

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-07-27T22:15:07.597

Modified: 2024-11-21T06:07:44.510

Link: CVE-2021-32788

cve-icon Redhat

No data.