Missing Authentication for Critical Function in answerdev/answer
Description
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authentication for a critical function in answerdev/answer prior to v1.1.3 allows unauthenticated users to manipulate notification triggers.
The vulnerability identified in CVE-2023-4815 is a missing authentication check for a critical function in the Apache Answer Q&A platform (formerly answerdev/answer), affecting versions prior to v1.1.3 [1]. The root cause lies in the notification management logic, specifically within the functions responsible for sending accept-answer and cancel-accept-answer notifications [2]. The code previously did not properly validate or set the TriggerUserID field in notification messages, allowing an unauthenticated attacker to trigger notifications on behalf of any user without proper authorization [2].
Exploitation of this vulnerability does not require any authentication, as the affected endpoints lack credential checks for this critical function [1]. An attacker can craft requests to manipulate notification triggers, potentially impersonating other users or creating confusion within the platform. The attack surface is network-based, and no special privileges are needed beyond network access to the Answer instance [1][4].
The impact of exploitation includes the ability for an unauthenticated attacker to send forged notifications, which could be used for social engineering, spam, or to disrupt the normal operation of the Q&A platform [2][4]. This undermines the trust and integrity of user interactions, as notifications are a key communication channel in collaborative question-and-answer systems.
The issue was addressed in the commit e75142a55546e01d8904f59db228422561f51666, which is included in version v1.1.3 of the Answer software [1][2]. Users are strongly advised to update to v1.1.3 or later to remediate this vulnerability [1][3]. No workarounds have been publicly documented; patching is the recommended mitigation.
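The authentication side of this fix comes down to one fail-closed rule: a user lookup that returns no error but also no user must be treated exactly like a failed lookup. The following Go example is added here as an illustration and is not Apache Answer's own code; Answer uses Gin, while this uses only net/http, and the UserInfo type, LookupFunc and the four lookups are constructed stand-ins for the cached admin record that the real middleware resolves from a token.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// UserInfo is a constructed stand-in for the cached user record that an
// admin middleware resolves from a bearer token (hypothetical, not Answer's type).
type UserInfo struct {
	ID      string
	IsAdmin bool
}

// LookupFunc has the shape of a cache lookup that may legitimately return
// (nil, nil): no error, but no user either. That case is the dangerous one.
type LookupFunc func(token string) (*UserInfo, error)

// AdminAuth wraps next with a fail-closed admin check. A request passes only
// when the lookup returns a non-nil admin user and no error; every other
// outcome (error, nil user, non-admin, missing token) is rejected.
func AdminAuth(lookup LookupFunc, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := r.Header.Get("Authorization")
		if token == "" {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		userInfo, err := lookup(token)
		// Checking only err would let a cache miss (nil, nil) fall through
		// to the protected handler; the nil check closes that path.
		if err != nil || userInfo == nil || !userInfo.IsAdmin {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor drives one request through AdminAuth with the given lookup and
// returns the resulting HTTP status code.
func StatusFor(lookup LookupFunc, token string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/admin", nil)
	if token != "" {
		req.Header.Set("Authorization", token)
	}
	rec := httptest.NewRecorder()
	AdminAuth(lookup, ok).ServeHTTP(rec, req)
	return rec.Code
}

// Constructed lookups covering the cases a reviewer of such a check cares about.
var (
	cacheMiss = func(string) (*UserInfo, error) { return nil, nil }
	cacheErr  = func(string) (*UserInfo, error) { return nil, errors.New("cache unavailable") }
	plainUser = func(string) (*UserInfo, error) { return &UserInfo{ID: "u2"}, nil }
	adminUser = func(string) (*UserInfo, error) { return &UserInfo{ID: "u1", IsAdmin: true}, nil }
)

func main() {
	cases := map[string]LookupFunc{"miss": cacheMiss, "error": cacheErr, "user": plainUser, "admin": adminUser}
	for name, l := range cases {
		fmt.Printf("%-6s -> %d\n", name, StatusFor(l, "token"))
	}
}
```

Only the admin lookup yields 200; the cache miss, the lookup error, the non-admin user and the missing token all yield 403. The point of putting the three conditions in one expression is that a later refactor cannot reintroduce the gap by reordering them.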
- NVD - CVE-2023-4815
- fix(answer): fix incorrect notification's triggerUserID when cancel a… · apache/answer@e75142a
- GitHub - apache/answer: A Q&A platform software for teams at any scales. Whether it's a community forum, help center, or knowledge management platform, you can always count on Apache Answer.
- The world’s first bug bounty platform for AI/ML
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/answerdev/answer (Go) | < 1.1.3 | 1.1.3 |
Affected products
- answerdev / answer (range: unspecified)
Patches
- e75142a55546 fix(answer): fix incorrect notification's triggerUserID when cancel accepted answer
2 files changed · +4 −7
internal/base/middleware/auth.go+1 −1 modified@@ -126,7 +126,7 @@ func (am *AuthUserMiddleware) AdminAuth() gin.HandlerFunc { return } userInfo, err := am.authService.GetAdminUserCacheInfo(ctx, token) - if err != nil { + if err != nil || userInfo == nil { handler.HandleResponse(ctx, errors.Forbidden(reason.UnauthorizedError), nil) ctx.Abort() return
internal/repo/activity/answer_repo.go+3 −6 modified@@ -55,7 +55,6 @@ func (ar *AnswerActivityRepo) SaveAcceptAnswerActivity(ctx context.Context, op * return nil } - ar.data.DB.ShowSQL(true) // save activity _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) @@ -311,12 +310,11 @@ func (ar *AnswerActivityRepo) sendAcceptAnswerNotification( Type: schema.NotificationTypeAchievement, ObjectID: op.AnswerObjectID, ReceiverUserID: act.ActivityUserID, + TriggerUserID: act.TriggerUserID, } if act.ActivityUserID == op.QuestionUserID { - msg.TriggerUserID = op.AnswerUserID msg.ObjectType = constant.AnswerObjectType } else { - msg.TriggerUserID = op.QuestionUserID msg.ObjectType = constant.AnswerObjectType } if msg.TriggerUserID != msg.ReceiverUserID { @@ -329,9 +327,9 @@ func (ar *AnswerActivityRepo) sendAcceptAnswerNotification( ReceiverUserID: act.ActivityUserID, Type: schema.NotificationTypeInbox, ObjectID: op.AnswerObjectID, + TriggerUserID: op.TriggerUserID, } if act.ActivityUserID != op.QuestionUserID { - msg.TriggerUserID = op.QuestionUserID msg.ObjectType = constant.AnswerObjectType msg.NotificationAction = constant.NotificationAcceptAnswer ar.notificationQueueService.Send(ctx, msg) @@ -343,15 +341,14 @@ func (ar *AnswerActivityRepo) sendCancelAcceptAnswerNotification( ctx context.Context, op *schema.AcceptAnswerOperationInfo) { for _, act := range op.Activities { msg := &schema.NotificationMsg{ + TriggerUserID: act.TriggerUserID, ReceiverUserID: act.ActivityUserID, Type: schema.NotificationTypeAchievement, ObjectID: op.AnswerObjectID, } if act.ActivityUserID == op.QuestionObjectID { - msg.TriggerUserID = op.AnswerObjectID msg.ObjectType = constant.QuestionObjectType } else { - msg.TriggerUserID = op.QuestionObjectID msg.ObjectType = constant.AnswerObjectType } if msg.TriggerUserID != msg.ReceiverUserID {
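Review bot: in the internal/base/middleware/auth.go hunk, the added `|| userInfo == nil` in AdminAuth closes a fail-open path (a lookup returning no error and no user previously continued past the `return` into the protected handler), but the commit message only mentions the notification triggerUserID, so this behavioural change to the admin middleware is undocumented; state it in the message or split it into its own commit. The same error-only pattern after a cache lookup is worth auditing in the other middleware functions in auth.go.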
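Review bot: in the `@@ -55,7 +55,6 @@` hunk, removing `ar.data.DB.ShowSQL(true)` from SaveAcceptAnswerActivity is right, since it switched on statement logging on the repository's DB handle every time an accept-answer activity was saved and would write query text and parameters into logs, but it is a debugging leftover unrelated to the stated fix; mention it in the commit message, and consider a CI grep for `ShowSQL(true)` outside test code so it does not come back.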
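Review bot: in the `@@ -311,12 +310,11 @@` hunk, once TriggerUserID moves into the struct literal, both branches of `if act.ActivityUserID == op.QuestionUserID` set `msg.ObjectType = constant.AnswerObjectType`, so the conditional is dead and should collapse to a single assignment. The send guard `if msg.TriggerUserID != msg.ReceiverUserID` now depends entirely on `act.TriggerUserID` being populated; an unset TriggerUserID still passes that comparison and yields a notification with no trigger, so skip activities whose TriggerUserID is unset before building the message.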
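Review bot: in the `@@ -329,9 +327,9 @@` hunk, the inbox message takes `TriggerUserID: op.TriggerUserID`, whereas the achievement message earlier in the same function and both messages in sendCancelAcceptAnswerNotification use `act.TriggerUserID`. If the operation-level and activity-level values are always the same, use one source consistently; if they can differ, add a comment saying why the inbox notification is attributed to the operation-level trigger, otherwise the next reader will "fix" it.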
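Review bot: in the `@@ -343,15 +341,14 @@` hunk, the removed lines show the original defect (user-ID fields filled from `op.AnswerObjectID` and `op.QuestionObjectID`), but the surviving condition `if act.ActivityUserID == op.QuestionObjectID` still compares a user ID with an object ID, so ObjectType will almost always land in the else branch. sendAcceptAnswerNotification makes the equivalent decision against `op.QuestionUserID`; this function should likely do the same. A unit test asserting ObjectType and TriggerUserID for the question-owner and answer-owner cases would pin both functions down.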
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.