Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-23832

Опубликовано: 01 фев. 2024
Источник: debian

Описание

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mastodonitppackage

Связанные уязвимости

nvd логотип

CVE-2024-23832

CVSS3: 9.4
nvd
около 2 лет назад

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

fstec логотип

BDU:2024-00927

CVSS3: 9.4
fstec
около 2 лет назад

Уязвимость реализации протокола LDAP веб-приложения для развёртывания распределённых социальных сетей Mastodon, позволяющая нарушителю обойти процедуру аутентификации