CVE-2023-49098

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Jan 12, 2024
Updated: Jan 25, 2024
CWE ID 284

Summary

CVE-2023-49098 is a vulnerability affecting Discourse-reactions, a plugin used to allow users to add reactions to posts. This issue exposes data related to user reaction notifications, potentially enabling unauthorized parties to access this information. Although this vulnerability has been addressed through commit 2c26939, it could have significant implications for user privacy if exploited. Organizations using Discourse with this plugin are advised to implement the patch as soon as possible to mitigate the risk of unintended data disclosure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share