What is CVE-2024-32983?

CVE-2024-32983 is a high-severity vulnerability in Misskey-dev Misskey, classified under Incorrect Authorization. CVSS score: 8.2/10. Published 2024-06-03.

How severe is CVE-2024-32983?

High severity. CVSS v3 base score is 8.2 out of 10.

Auth bypass in Misskey-dev Misskey

CVE-2024-32983

Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof th…

Vulnerability class: Broken Access Control

EPSS: 0.003 (51.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.

Affected products

Misskey-dev Misskey — versions < 2024.5.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-2vxv-pv3m-3wvj (x_refsource_CONFIRM)
https://github.com/misskey-dev/misskey/commit/d2a5bb39e344fcb84a24ae60faafe4694b227b88 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-32983?: CVE-2024-32983 is a high-severity vulnerability in Misskey-dev Misskey, classified under Incorrect Authorization. CVSS score: 8.2/10. Published 2024-06-03.
How severe is CVE-2024-32983?: High severity. CVSS v3 base score is 8.2 out of 10.