johnpbloch/wordpress-core is vulnerable to information disclosure. The vulnerability exists in the get_comment_excerpt
function in comment-template.php
because the comments from password-protected (non-public) posts and pages are not restricted from viewing under certain conditions.