CVE-2023-49079 — CRITICAL (9.3)

Q: How severe is CVE-2023-49079?

CVE-2023-49079 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-49079?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.

Vulnerability Description

Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Misskey	Misskey	< 2023.11.1

Related Weaknesses (CWE)

CWE-347

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgcMitigationVendor Advisory
https://github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgcMitigationVendor Advisory

FAQ

What is CVE-2023-49079?

CVE-2023-49079 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 202...

How severe is CVE-2023-49079?

CVE-2023-49079 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-49079?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.