CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

CVE ID : CVE-2025-47288

Published : May 29, 2025, 8:15 p.m. | 1 hour, 41 minutes ago

Description : Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…