Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Sep 20, 2024

Misskey allows users to bypass authentication of Bull dashboard

CVE-2023-43793

Description

Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.

Affected products

Misskey Dev/Misskeyv5
Range: < 2023.9.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2mitrex_refsource_MISC
github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqcmitrex_refsource_CONFIRM
github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000