Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/02/02/4 - Mailing List, Patch | |
References | () https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958 - Patch | |
References | () https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.4 |
09 Feb 2024, 20:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* | |
References | () https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958 - Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/02/02/4 - Mailing List, Patch | |
References | () https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Joinmastodon mastodon
Joinmastodon |
02 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-01 17:15
Updated : 2024-11-21 08:58
NVD link : CVE-2024-23832
Mitre link : CVE-2024-23832
CVE.ORG link : CVE-2024-23832
JSON object : View
Products Affected
joinmastodon
- mastodon
CWE
CWE-290
Authentication Bypass by Spoofing