Vulnerability Description
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nexryai | Nexkey | < 12.121.9 |
Related Weaknesses (CWE)
References
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqcNot Applicable
- https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081Patch
- https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwfVendor Advisory
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqcNot Applicable
- https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081Patch
- https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwfVendor Advisory
FAQ
What is CVE-2023-43805?
CVE-2023-43805 is a vulnerability with a CVSS score of 7.5 (HIGH). Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job qu...
How severe is CVE-2023-43805?
CVE-2023-43805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43805?
Check the references section above for vendor advisories and patch information. Affected products include: Nexryai Nexkey.