Nexkey allows users to bypass authentication of Bull dashboard
CVE-2023-43805
7.5 HIGH
What is CVE-2023-43805?
Nexkey, a decentralized social media platform, does not sufficiently validate URLs in versions prior to 12.121.9. Malicious users can exploit this weakness to bypass authentication and gain unauthorized access to the job queue dashboard. The issue is patched in version 12.121.9. As a temporary mitigation, users are advised to block access using web application firewall tools such as Cloudflare's WAF.
Affected Version(s)
nexkey < 12.121.9