Vulnerabilities > CVE-2023-29218 - Unspecified vulnerability in Twitter Recommendation Algorithm 20230331
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter’s ranking algorithm is a conscious design decision, rather than a security vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- https://github.com/twitter/the-algorithm/issues/1386
- https://github.com/twitter/the-algorithm/tree/ec83d01dcaebf369444d75ed04b3625a0a645eb9
- https://twitter.com/Kaptain_Kobold/status/1642379706925477888
- https://twitter.com/elonmusk/status/1642324821324230657
- https://steventey.com/blog/twitter-algorithm
- https://twitter.com/aakashg0/status/1641976913165180929