CVE-2023-49095

{"id": "CVE-2023-49095", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-11-30T07:15:09.133", "references": [{"url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2."}, {"lang": "es", "value": "nexkey es una plataforma de microblogging. Una validaci\u00f3n insuficiente de las solicitudes de ActivityPub recibidas en la bandeja de entrada podr\u00eda permitir que cualquier usuario se haga pasar por otro usuario en determinadas circunstancias. Este problema se solucion\u00f3 en la versi\u00f3n 12.122.2."}], "lastModified": "2024-11-21T08:32:48.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nexryai:nexkey:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "0A765E23-8158-4CD7-ACF2-66ECF9A3FA1E", "versionEndExcluding": "12.122.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}