Reaction metadata exposed in private topics

Moderate
jomaxro published GHSA-4cgc-c7vh-94g6 Apr 18, 2023

Package

discourse-reactions (Discourse)

Affected versions

0.2

Patched versions

0.3

Description

Impact

Data about what reactions were performed on a post in a private topic could be leaked.

Patches

The latest version of the Discourse Reactions plugin has the patch.

Workarounds

Disable the discourse-reactions plugin to fully mitigate the issue.

Severity

Moderate (4.3 / 10)

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE ID

CVE-2023-30611

Weaknesses

No CWEs