Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
External apps using tokens issued by administrators and moderators can call admin APIs
Vulnerability Description
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
Nexkey 安全漏洞
Vulnerability Description
Nexkey是nexryai个人开发者的一个开源、去中心化的社交媒体平台。 Nexkey 12.23Q4.5之前版本存在安全漏洞,该漏洞源于允许外部应用程序使用管理员和审阅人发布的令牌调用管理API。
CVSS Information
N/A
Vulnerability Type
N/A