Users can edit the tags of any discussion
This advisory concerns a vulnerability which was patched and publicly released on October 5, 2020. Impact This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API. Users were able to remove any existing tag, and add any tag in which they are allowed to create discussions. The chosen tags still had to match the configured Tags minimums …