{"vulnerability": "CVE-2024-52591", "sightings": [{"uuid": "767359a3-40dc-4bec-9a9f-1d823c5cc170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113675448878441837", "content": "", "creation_timestamp": "2024-12-18T19:21:36.529591Z"}, {"uuid": "a9837b41-be50-4583-bd2e-9dfb92d9aaec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lk56ag3gql2d", "content": "", "creation_timestamp": "2025-03-11T23:00:07.874048Z"}, {"uuid": "9830e453-8350-4bec-b329-fb72c03970f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3lk3koteo422c", "content": "", "creation_timestamp": "2025-03-11T07:37:39.671203Z"}, {"uuid": "8e9e70a5-2236-4c51-a457-a56bfb4608d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lk3vyw77ib2z", "content": "", "creation_timestamp": "2025-03-11T11:00:07.186484Z"}, {"uuid": "78ab860d-e276-4bff-a171-139b1a04db76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk2cmbftsd2v", "content": "", "creation_timestamp": "2025-03-10T19:40:22.210767Z"}, {"uuid": "30a2ef53-e8c5-4274-ad6d-3336a6ad96a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://t.me/cvedetector/19994", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25306 - Misskey ActivityPub Object Authority Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25306 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the `url` field even if the specific ActivityPub object type require authority in the `id` field. Version 2025.2.1 addresses the issue. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:49.000000Z"}, {"uuid": "42e32fca-dc87-4018-8bd8-30d287d6927c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52591", "type": "seen", "source": "https://t.me/cvedetector/13246", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52591 - Misskey Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52591 \nPublished : Dec. 18, 2024, 8:15 p.m. | 36\u00a0minutes ago \nDescription : Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T22:03:56.000000Z"}]}