Vulnerability Information
Vulnerability Title
Nexkey allows users to bypass authentication of Bull dashboard
Vulnerability Description
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
Nexkey authorization issue vulnerability
Vulnerability Description
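Nexkey is an open source, decentralized social media platform by the individual developer nexryai. Nexkey versions prior to 12.121.9 contain an authorization issue vulnerability, which stems from allowing attackers to bypass authentication to access the job queue dashboard.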
CVSS Information
N/A
Vulnerability Type
N/A