Reactions leak for secure category topics and private messages
CVE-2021-41140

5.3MEDIUM

Key Information:

Vendor: Discourse
Status: Discourse-reactions
Vendor: CVE Published:; 19 October 2021

What is CVE-2021-41140?

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

discourse-reactions < 0.2

References

https://github.com/discourse/discourse-reactions/security...

x_refsource_CONFIRM

https://github.com/discourse/discourse-reactions/commit/2...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Sep 15, 2021

JSON

Discourse

What is CVE-2021-41140?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.