Misskey's missing signature validation allows arbitrary users to impersonate any remote user.
CVE-2023-49079
7.5HIGH
What is CVE-2023-49079?
The Misskey platform, a decentralized social media application, has a vulnerability due to a lack of signature validation, which enables any user to impersonate remote users. This security flaw allows for potential misuse of user identities, potentially affecting the trust and integrity of user interactions within the platform. The issue has been addressed in the latest patch (version 2023.11.1-beta.1), and it is crucial for users to update promptly to mitigate risks.
Affected Version(s)
misskey < 2023.11.1-beta.1
