CVE-2023-49095

HIGH

nexkey < 12.122.2 - User Impersonation via ActivityPub Request Validation Bypass

Title source: llm

Description

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in the inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

Scores

CVSS v3 8.6
EPSS 0.0056
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
nexryai/nexkey < 12.122.2
Published Nov 30, 2023
Tracked Since Feb 18, 2026