A bug in bluez prevents the disabling of Bluetooth discoverability. In certain situations, this flaw could potentially lead to the unauthorized pairing of Bluetooth devices.
Upstream workaround in gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
Note that the actual bug is not in gnome-bluetooth.
RHEL is not affected as RHEL-7 is running Gnome 3.26, which is not impacted.
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 1606371]
Name: Chris Marchesi
It appears that a fix was merged upstream and may be available in a future release of BlueZ 5.51. gnome-bluetooth-3.28.2 will take advantage of this fix.