Vulnerabilities > CVE-2023-43793 - Unspecified vulnerability in Misskey
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.
Vulnerable Configurations
References
- https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2
- https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc
- https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf
- https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf