CVE-2023-43805

7.5 HIGH

📋 TL;DR

CVE-2023-43805 is an authentication bypass vulnerability in Nexkey (a Misskey fork) that allows attackers to access the job queue dashboard without proper credentials. This affects all Nexkey instances running versions prior to 12.121.9. The vulnerability stems from incomplete URL validation that can be exploited to bypass authentication mechanisms.

💻 Affected Systems

Products:
  • Nexkey
Versions: All versions prior to 12.121.9
Operating Systems: Any OS running Nexkey
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Nexkey instances with the job queue dashboard enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the job queue dashboard, potentially allowing them to manipulate background jobs, execute arbitrary commands, or access sensitive system information.

🟠 Likely Case

Unauthorized users access the job queue dashboard to view sensitive job information, monitor system activities, or potentially manipulate queued jobs.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the specific job queue dashboard functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves URL manipulation to bypass authentication, which is typically straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.121.9

Vendor Advisory: https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf

Restart Required: Yes

Instructions:

1. Back up your Nexkey instance.
2. Update to version 12.121.9 or later using your package manager or by pulling the latest code from the repository.
3. Restart the Nexkey service.
4. Verify that the update was successful.

🔧 Temporary Workarounds

Network Access Restriction

Block external access to the job queue dashboard using firewall rules or a WAF. The Linux example below drops TCP traffic to the Nexkey port from every source except a trusted network (replace the placeholders with your port and trusted CIDR; the negation must come before the option, and -I places the rule ahead of any existing ACCEPT rule for that port):

iptables -I INPUT -p tcp --dport [NEXKEY_PORT] ! -s [TRUSTED_NETWORK] -j DROP

Note that this blocks the whole Nexkey listener, not only the dashboard path; to restrict just the dashboard, apply the rule at your reverse proxy or WAF instead.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Nexkey instance
  • Use a WAF (like Cloudflare's) to block malicious requests targeting the job queue endpoint

🔍 How to Verify

Check if Vulnerable:

Check if your Nexkey version is below 12.121.9 by accessing the admin panel or checking the package version.

Check Version:

Check the version in the admin dashboard, or run the following in the Nexkey install directory: grep '"version"' package.json

Verify Fix Applied:

After updating to 12.121.9 or later, attempt to access the job queue dashboard without authentication - access should be denied.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /api/jobs/queue or similar job-related endpoints
  • Failed authentication logs followed by successful job queue access

Network Indicators:

  • Unusual traffic patterns to job queue endpoints from unauthenticated sources

SIEM Query:

source="nexkey.logs" AND (uri_path="/api/jobs/*" OR uri_path="/admin/jobs/*") AND http_status=200 AND auth_status="failed"
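The two log indicators above as a runnable check over constructed sample lines, added here as an example (it is not code from the page or from the Nexkey project). The one-request-per-line log format, the `auth_status` field and the endpoint prefixes lifted from the SIEM query are assumptions; map them to whatever your reverse proxy or Nexkey logs actually emit.

```python
import re
# Endpoint prefixes taken from the SIEM query above; adjust them to your deployment.
WATCHED_PREFIXES = ("/api/jobs/", "/admin/jobs/")

# Assumed log format, one request per line: client timestamp "METHOD path" status auth_status
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ts>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) (?P<auth>\w+)$'
)

def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    return dict(m.groupdict(), status=int(m["status"])) if m else None

def is_watched(path):
    """Match on the path only, ignoring any query string."""
    return path.split("?", 1)[0].startswith(WATCHED_PREFIXES)

def find_suspicious(lines):
    """Alert on (a) a 200 on a queue endpoint whose auth status is not 'ok', and
    (b) a client whose earlier auth failure is followed by a 200 on a queue endpoint."""
    alerts = []
    failed_clients = set()  # clients that produced at least one auth failure so far
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        if req["auth"] == "failed":
            failed_clients.add(req["client"])
        if is_watched(req["path"]) and req["status"] == 200:
            if req["auth"] != "ok":
                alerts.append(("unauthenticated_queue_access", req["client"], req["path"]))
            elif req["client"] in failed_clients:
                alerts.append(("auth_failure_then_queue_access", req["client"], req["path"]))
    return alerts

# Constructed sample lines (not real traffic): one hit per rule, a benign client, a bad line.
SAMPLE_LOG = [
    '203.0.113.7 2023-09-30T10:00:01Z "GET /api/jobs/queue" 200 failed',
    '198.51.100.4 2023-09-30T10:00:05Z "POST /api/signin" 401 failed',
    '198.51.100.4 2023-09-30T10:00:09Z "GET /admin/jobs/list" 200 ok',
    '192.0.2.9 2023-09-30T10:00:12Z "GET /admin/jobs/list" 200 ok',
    'not a log line',
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

The second rule keys only on client address, so behind a shared NAT or proxy it will produce false positives unless you also key on session or user identifiers.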
