Skip to main content

Discourse Reactions CVE-2021-41140

MEDIUM
Exposure of Resource to Wrong Sphere (CWE-668)
2021-10-19 security-advisories@github.com
5.3
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (github) · only source for this CVE.

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 19, 2021 - 18:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

AnalysisAI

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Technical ContextAI

This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668), which allows attackers to access resources from an unintended security context. Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel. Affected products include: Discourse Discourse Reactions. Version information: version 0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement proper access controls, validate resource access permissions, use security boundaries.

Share

CVE-2021-41140 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy