{"vulnerability": "CVE-2021-32788", "sightings": [{"uuid": "9624c8c5-a303-4535-ba5f-b699b5d497af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32788", "type": "seen", "source": "https://t.me/cibsecurity/26550", "content": "\u203c CVE-2021-32788 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T02:12:46.000000Z"}]}