How the CVE Works
The vulnerability arises due to a logic error in the `summaly` function, where the `allowRedirects` option is not properly passed to plugins. When processing URL previews, Misskey creates a `scrapingOptions` object but fails to include the `allowRedirects` flag from the original `opts` parameter. As a result, even if `allowRedirects: false` is set, the system ignores it and follows redirects. Attackers can exploit this by posting malicious links that redirect to unintended destinations, bypassing security restrictions.
DailyCVE Form
Platform: Misskey
Version: Affects versions < X.X.X
Vulnerability: Logic Bypass
Severity: Medium
Date: 2023-XX-XX
What Undercode Say:
Exploitation:
- Attackers craft posts with redirecting URLs.
- Preview generation ignores `allowRedirects` restriction.
- Victims see unintended content.
Detection:
grep -r "summaly" /misskey/src/
Mitigation:
1. Patch `summaly` function to include `allowRedirects`.
2. Validate URLs before preview generation.
Code Fix:
```javascript
function summaly(url, opts) {
  const scrapingOptions = {
    ...opts, // Ensure all opts are passed
    allowRedirects: opts.allowRedirects || false
  };
  // Rest of the logic
}
```
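The option-propagation bug and its fix, as a runnable sketch added here (not Misskey's or summaly's own code). The redirect table, `pluginFetch`, `honoursNoRedirect`, and the `lang`/`userAgent` fields are hypothetical stand-ins; only `opts`, `scrapingOptions` and `allowRedirects` come from the description above.

```javascript
// Constructed redirect table standing in for the network (no real requests).
const REDIRECTS = new Map([
  ['https://a.example.test/post', 'https://b.example.test/hop'],
  ['https://b.example.test/hop', 'https://c.example.test/final'],
]);

// Hypothetical plugin-side fetch: follows redirects unless the flag is
// explicitly false, so a missing flag silently means "follow".
function pluginFetch(url, scrapingOptions) {
  const follow = scrapingOptions.allowRedirects !== false;
  let finalUrl = url;
  let hops = 0;
  while (follow && REDIRECTS.has(finalUrl) && hops < 5) {
    finalUrl = REDIRECTS.get(finalUrl);
    hops += 1;
  }
  return { finalUrl, hops };
}

// Before: scrapingOptions is rebuilt from opts and allowRedirects is left out.
function summalyBefore(url, opts = {}) {
  const scrapingOptions = { lang: opts.lang, userAgent: opts.userAgent };
  return pluginFetch(url, scrapingOptions);
}

// After: the flag is carried into the object the plugin receives,
// defaulting to false as in the fix shown above.
function summalyAfter(url, opts = {}) {
  const scrapingOptions = {
    lang: opts.lang,
    userAgent: opts.userAgent,
    allowRedirects: opts.allowRedirects || false,
  };
  return pluginFetch(url, scrapingOptions);
}

// Regression check: true when a caller's allowRedirects: false is honoured.
function honoursNoRedirect(summalyFn) {
  const start = 'https://a.example.test/post';
  const result = summalyFn(start, { allowRedirects: false });
  return result.hops === 0 && result.finalUrl === start;
}

console.log('before honours flag:', honoursNoRedirect(summalyBefore));
console.log('after honours flag: ', honoursNoRedirect(summalyAfter));
```

A check shaped like `honoursNoRedirect` can serve as a regression test so the flag cannot be dropped again when the options object is refactored.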
Temporary Workaround:
- Disable link previews in config.
- Use a reverse proxy to block redirects.
Log Analysis:
grep -r "Redirect detected" /var/log/misskey/
References:
Sources:
Reported By: github.com