VYPR

Discourse Policy

by Discourse (software)

Source repositories

CVEs (2)

  • CVE-2025-47288LowMay 29, 2025
    risk 0.16cvss 3.5epss 0.00

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched…

  • CVE-2026-28282Mar 19, 2026
    risk 0.00cvss epss 0.00

    Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once…