Home > Vulnerability Database > CVE-2023-43805

Mend.io Vulnerability Database

CVE-2023-43805

Date: October 4, 2023

Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (5)

Url: https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081d

Url: https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc

Url: https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43805

Url: https://www.mend.io/vulnerability-database/CVE-2023-43805

Severity Score

7.5

Weakness Type (CWE)

Authentication Issues

CWE-287

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43805

Date: October 4, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?