{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49095", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.430Z", "datePublished": "2023-11-30T07:10:10.994Z", "dateUpdated": "2024-11-27T15:54:12.214Z"}, "containers": {"cna": {"title": "nexkey allows arbitrary users to impersonate any remote user due to missing signature validation", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx"}, {"name": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["x_refsource_MISC"], "url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab"}], "affected": [{"vendor": "nexryai", "product": "nexkey", "versions": [{"version": "< 12.122.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-30T07:10:10.994Z"}, "descriptions": [{"lang": "en", "value": "nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2."}], "source": {"advisory": "GHSA-fpxw-rw9v-2gmx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.222Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx"}, {"name": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T15:54:00.291547Z", "id": "CVE-2023-49095", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T15:54:12.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "name": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "name": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.222Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49095", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-27T15:54:00.291547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T15:54:08.081Z"}}], "cna": {"title": "nexkey allows arbitrary users to impersonate any remote user due to missing signature validation", "source": {"advisory": "GHSA-fpxw-rw9v-2gmx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nexryai", "product": "nexkey", "versions": [{"status": "affected", "version": "< 12.122.2"}]}], "references": [{"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "name": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "name": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-30T07:10:10.994Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49095", "state": "PUBLISHED", "dateUpdated": "2024-11-27T15:54:12.214Z", "dateReserved": "2023-11-21T18:57:30.430Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-30T07:10:10.994Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nexryai:nexkey:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0A765E23-8158-4CD7-ACF2-66ECF9A3FA1E", "versionEndExcluding": "12.122.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2."}, {"lang": "es", "value": "nexkey es una plataforma de microblogging. Una validaci\u00f3n insuficiente de las solicitudes de ActivityPub recibidas en la bandeja de entrada podr\u00eda permitir que cualquier usuario se haga pasar por otro usuario en determinadas circunstancias. Este problema se solucion\u00f3 en la versi\u00f3n 12.122.2."}], "id": "CVE-2023-49095", "lastModified": "2024-11-21T08:32:48.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-30T07:15:09.133", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}