PT-2021-23123 · Discourse · Discourse-Reactions
Jomaxro · Published 2021-10-19 · Updated 2022-08-12
CVE-2021-41140
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Discourse-reactions versions prior to 0.2
Description
The issue affects the Discourse-reactions plugin: reactions to secure topics and private messages can be visible. This affects the confidentiality of user interactions on the platform.
Recommendations
For versions prior to 0.2, update to version 0.2 to resolve the issue.
As a temporary workaround for users unable to update, disable the Discourse-reactions plugin in the admin panel.
Fix
Information Disclosure
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Discourse-Reactions