fkie_nvd - fkie_cve-2019-1020010

fkie_cve-2019-1020010

Vulnerability from fkie_nvd

Published

2019-07-29 13:15

Modified

2024-11-21 04:18

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Misskey before 10.102.4 allows hijacking a user's token.

References

▶	URL	Tags
	josh@bress.net	https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p	Exploit, Mitigation, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p	Exploit, Mitigation, Third Party Advisory

Impacted products

Vendor	Product	Version
misskey	misskey	*
misskey	misskey	*
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0
misskey	misskey	11.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F0B34A-BB65-408C-8053-48DDC3D1C3FF",
              "versionEndExcluding": "10.102.4",
              "versionStartIncluding": "10.46.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC50D734-FB0A-47EF-8BB1-0E353FC22D4D",
              "versionEndExcluding": "11.20.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "E964986E-D270-4B93-B275-C6392F007B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha10:*:*:*:*:*:*",
              "matchCriteriaId": "37073996-D41A-4749-B70A-3B998B9853BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "025F97A7-2145-45C9-AFDC-53441526EEA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "E5326C03-A022-4C55-9862-C43EE7B23451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "9CE8D977-0BC7-434B-8581-0D3BEB2A7ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "E479DF22-5D06-45AD-A51B-CFF26E100860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "BCE52C36-182E-47B9-BA0A-7A29DB1E43A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "56D8F658-5E7F-403C-BDAD-526E0DB24D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "89A6933D-402D-4AD0-8BED-7EC8A135AAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F9249CEF-1388-4BF2-B04B-C450D5B216F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "CAD8DBB6-0977-471C-8C09-610AA4AFB271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "F22BA296-6C19-435C-9303-DD960CA5ACD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "CEC5809D-6C0C-4C6C-8555-955BB7390BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta13:*:*:*:*:*:*",
              "matchCriteriaId": "7860133F-D265-477F-B3B4-7B88ABABBDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta14:*:*:*:*:*:*",
              "matchCriteriaId": "F4F50B3F-A99E-49F7-9959-D11CBE875EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta15:*:*:*:*:*:*",
              "matchCriteriaId": "4274117D-10A8-4D91-83CA-4912E3B4734E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta16:*:*:*:*:*:*",
              "matchCriteriaId": "3B76A5E9-5B23-4902-93EE-32E8D6D6AE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6860F62C-3498-4876-8906-570CDE9E05F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "75A0DAD9-8F53-4692-B4E9-B21A7A26BEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7887424B-E9F7-4313-8E40-D408C13FC329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "EE8A70A6-5D45-47BB-80B5-F3B19E493601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "E1F4D4AF-5E5D-4E89-B1A6-3CA993EB5666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "9C3503EC-223C-473C-AF5C-2EF3496C2003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "E3998793-764F-4BCF-A978-D45A2A111668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:misskey:misskey:11.0.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "DBEBD39D-DB2D-49C5-8D80-531316C33F63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Misskey before 10.102.4 allows hijacking a user\u0027s token."
    },
    {
      "lang": "es",
      "value": "Misskey anterior a versi\u00f3n 10.102.4, permite el secuestro de un token de usuario."
    }
  ],
  "id": "CVE-2019-1020010",
  "lastModified": "2024-11-21T04:18:11.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-29T13:15:11.683",
  "references": [
    {
      "source": "josh@bress.net",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p"
    }
  ],
  "sourceIdentifier": "josh@bress.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-1020010 (GCVE-0-2019-1020010)

Vulnerability from cvelistv5

Published

2019-07-29 12:12

Modified

2024-08-05 03:14

Severity ?

CWE

hijacking a user's token

Summary

Misskey before 10.102.4 allows hijacking a user's token.

References

►

URL

Tags

https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p

x_refsource_MISC