Bypassing Authentication in Bull Dashboard of Misskey Social Media Platform

Bypassing Authentication in Bull Dashboard of Misskey Social Media Platform

CVE-2023-43793 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.

Learn more about our Open Source Audit.