← voltar
CVE-2023-43793

Misskey allows users to bypass authentication of Bull dashboard

CVSS 7.5 HIGHEPSS 0.7%CWE-287
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
misskey-dev · misskey

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqchttps://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf