2 matches found
CVE-2021-41140
CVE-2021-41140 affects the Discourse-reactions plugin for Discourse. The issue allows reactions selected by a user on secure topics and private messages to be visible to others. It specifically concerns versions prior to 0.2. A fix is available in version 0.2 of discourse-reaction; as a workaroun...
CVE-2023-49098
CVE-2023-49098 affects the Discourse-Reactions plugin for Discourse. Data about a user’s reaction notifications could be exposed; this was mitigated by patch commit 2c26939. The CVSSv3.1 base metrics from the record are: AV:N/AC:L/PR:L/UI:R/S:U, Confidentiality Impact: Low, Integrity/Availability...