Users can see notifications for topics they no longer have access to
Package
Discourse
(Discourse)
Affected versions
stable <= 2.8.11; beta <= 2.9.0.beta12; tests-passed <= 2.9.0.beta12
Patched versions
stable >= 2.8.12; beta >= 2.9.0.beta13; tests-passed >= 2.9.0.beta13
Impact
Under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed.
Patches
This issue is patched in the latest stable, beta and tests-passed versions of Discourse
Workarounds
There are no workarounds available.