Detections
Analytics

CVE-2024-23832

critical

Description

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

References

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958

http://www.openwall.com/lists/oss-security/2024/02/02/4

Details

Source: Mitre, NVD

Published: 2024-02-01

Updated: 2024-02-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical