CVE-2023-43793

Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
misskeymisskey
𝑥
< 2023.9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2
https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc
https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf
https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2
https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc
https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf