Lucene search

[email protected]NVD:CVE-2023-49079

HistoryNov 29, 2023 - 7:15 p.m.

CVE-2023-49079

2023-11-2919:15:07

CWE-347

[email protected]

web.nvd.nist.gov

misskey

signature validation

vulnerability

patched

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Misskey is an open source, decentralized social media platform. Misskey’s missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

Affected configurations

NVD

Node

misskeymisskeyRange<2023.11.1

References

github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for NVD:CVE-2023-49079

cve1 osv1 prion1 cvelist1