CVE-2023-49098

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.
Configurations

Configuration 1 (hide)

cpe:2.3:a:discourse:discourse_reactions:*:*:*:*:*:discourse:*:*

History

25 Jan 2024, 15:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.5
References () https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc - () https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc - Patch
References () https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8 - () https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8 - Vendor Advisory
CPE cpe:2.3:a:discourse:discourse_reactions:*:*:*:*:*:discourse:*:*
First Time Discourse
Discourse discourse Reactions

12 Jan 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 21:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-49098

Mitre link : CVE-2023-49098

CVE.ORG link : CVE-2023-49098


JSON object : View

Products Affected

discourse

  • discourse_reactions
CWE
CWE-284

Improper Access Control