CVE-2023-43793

high

Description

Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.

References

https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf

https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc

https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2

Details

Source: Mitre, NVD

Published: 2023-10-04

Updated: 2023-10-11

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High