PT-2023-31047 · Misskey · Misskey

Perillamint

+1

·

Publicado

2023-11-29

·

Atualizado

2023-12-05

·

CVE-2023-49079

CVSS v3.1

9.3

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions Misskey versions prior to 2023.11.1-beta.1
Description Misskey is an open source, decentralized social media platform. The issue allows arbitrary users to impersonate any remote user due to missing signature validation.
Recommendations For versions prior to 2023.11.1-beta.1, update to version 2023.11.1-beta.1 to resolve the issue. As a temporary workaround, consider restricting access to remote user impersonation functionality until the patch is applied.

Exploit

Correção

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-347

Identificadores relacionados

CVE-2023-49079
GHSA-3F39-6537-3CGC

Produtos afetados

Misskey