Description

Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.

INFO

Published Date :

2025-05-29T19:25:49.798Z

Last Modified :

2025-05-30T12:35:34.217Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47288 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47288.

URL Resource
https://github.com/discourse/discourse-policy/commit/6b4390fe486408cc86ccea6b091406cfac6c5b8f cve-icon cve-icon
https://github.com/discourse/discourse-policy/security/advisories/GHSA-jc5r-rm2j-mh4x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact