Improper access control in Discourse - CVE-2022-21642
Published: January 5, 2022 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the composer user suggestions feature when composing a message from a topic. A remote user can compose a message from a topic to disclose sensitive information.
The issue reveals whisper participants.