PT-2023-31053 · Nexkey · Nexkey
Nexryai
·
Publicado
2023-11-30
·
Atualizado
2023-12-05
·
CVE-2023-49095
CVSS v3.1
8.6
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
nexkey versions prior to 12.122.2
Description
The issue is related to insufficient validation of ActivityPub requests received in the inbox, which could allow any user to impersonate another user in certain circumstances.
Recommendations
For versions prior to 12.122.2, update to version 12.122.2 to resolve the issue. As a temporary workaround, consider restricting access to the inbox functionality to minimize the risk of exploitation.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nexkey