CVE-2023-49095

Source
https://cve.org/CVERecord?id=CVE-2023-49095
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49095.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49095
Aliases
  • GHSA-fpxw-rw9v-2gmx
Published
2023-11-30T07:10:10.994Z
Modified
2026-04-10T05:04:57.369708Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
Details

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in the inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49095.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/nexryai/concorde

Affected ranges

Type
GIT
Repo
https://github.com/nexryai/concorde
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

12.*
12.119.2-fix.1
12.119.2-fix.2
12.119.2-fix.3
12.119.2-fix.4
12.119.2-fix.5
12.119.2-fix.5.1
12.119.2-fix.5.2
12.119.2-fix.5.3
12.119.2-fix.5.4
12.119.2-fix.5.5

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.122.2"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49095.json"