Vulnerability Details CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 8.6
References
- https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
- https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx
- https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
- https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx
Products affected by CVE-2023-49095
-
cpe:2.3:a:nexryai:nexkey:-
-
cpe:2.3:a:nexryai:nexkey:12.121.9
-
cpe:2.3:a:nexryai:nexkey:12.23q4.4
-
cpe:2.3:a:nexryai:nexkey:12.23q4.5