CVE-2023-49098

Reaction data for user notifications exposed in Discourse-reactions

  • Severity Score: 3.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Discourse-reactions is a plugin that allows users to add their reactions to a post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-11-21 CVE Reserved
  • 2024-01-12 CVE Published
  • 2024-08-02 CVE Updated
  • 2025-04-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
  • Vendor: Discourse
  • Product: Discourse Reactions
  • Version: <= 0.4
  • Other: discourse
  • Status: Affected