Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/02/02/4 | Mailing List Patch |
https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958 | Patch |
https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Feb 2024, 20:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958 - Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/02/02/4 - Mailing List, Patch | |
References | () https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw - Vendor Advisory | |
CPE | cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Joinmastodon mastodon
Joinmastodon |
02 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-01 17:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23832
Mitre link : CVE-2024-23832
CVE.ORG link : CVE-2024-23832
JSON object : View
Products Affected
joinmastodon
- mastodon
CWE
CWE-290
Authentication Bypass by Spoofing