CVE-2023-49095

EPSS 0.57%
Veröffentlicht 30.11.2023 07:15:09
Zuletzt bearbeitet 21.11.2024 08:32:48
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

nexkey allows arbitrary users to impersonate any remote user due to missing signature validation

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nexryai ≫ Nexkey SwPlatformnode.js Version < 12.122.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.424

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab

Patch

https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49095

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-49095