CVE-2023-29218
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.1%
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitterβs ranking algorithm is a conscious design decision, rather than a security vulnerability.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| twitter:recommendation_algorithm | twitter recommendation algorithm | le | 2023-03-31 |
References
github.com/twitter/the-algorithm/issues/1386
github.com/twitter/the-algorithm/tree/ec83d01dcaebf369444d75ed04b3625a0a645eb9
steventey.com/blog/twitter-algorithm
twitter.com/aakashg0/status/1641976913165180929
twitter.com/elonmusk/status/1642324821324230657
twitter.com/Kaptain_Kobold/status/1642379706925477888
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.1%