Unrated severity · NVD Advisory · Published Nov 30, 2023 · Updated Nov 27, 2024
nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
CVE-2023-49095
Description
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
- github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab (mitre, x_refsource_MISC)
- github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx (mitre, x_refsource_CONFIRM)