Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-27T18:45:50.408Z

Updated: 2024-08-02T22:48:12.128Z

Reserved: 2023-12-26T12:53:20.670Z

Link: CVE-2023-52077

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-27T19:15:07.763

Modified: 2024-11-21T08:39:07.370

Link: CVE-2023-52077

cve-icon Redhat

No data.