PT-2023-22808 · Discourse · Discourse-Reactions
Jomaxro · Published 2023-04-19 · Updated 2023-05-01 · CVE-2023-30611
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Discourse-reactions versions prior to 0.3
Description
The Discourse-reactions plugin for the Discourse messaging platform has an issue where data about reactions performed on a post in a private topic could be leaked. This affects the confidentiality of user interactions within private topics.
Recommendations
For versions prior to 0.3, upgrade to version 0.3 to fully resolve the issue.
For users unable to upgrade, disable the discourse-reactions plugin as a temporary workaround to mitigate the issue.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Discourse-Reactions