Mastodon is a free, open-source social network server based on ActivityPub; Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version before 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5.
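The advisory names insufficient origin validation as the root cause. As an added illustration of that class of check (this is not Mastodon's code and not a reconstruction of the actual flaw or of the fix shipped in the versions above), the Ruby block below shows the same-origin rule a server should apply to a fetched ActivityPub object: whatever the responding server asserts about the object's `id` and its `publicKey`, those identifiers must sit on the origin the object was fetched from, or the document is discarded. Ruby is used because Mastodon is a Rails application. The domain names, the sample documents and the `validate_fetched_object!` / `accept_fetched_object?` helper names are constructed for this example.

```ruby
require 'json'
require 'uri'

# URI we dereferenced. If redirects were followed, this must be the URI of the
# final response, because that is the server whose word we are evaluating.
REQUESTED_URI = 'https://attacker.example/users/mallory'

# Constructed sample bodies (not captured traffic): what the server at
# attacker.example might return when REQUESTED_URI is fetched.
HONEST_DOC = JSON.generate(
  'id' => 'https://attacker.example/users/mallory',
  'type' => 'Person',
  'publicKey' => {
    'id' => 'https://attacker.example/users/mallory#main-key',
    'owner' => 'https://attacker.example/users/mallory'
  }
)

# The responding server asserts an id on someone else's domain. Accepting it
# would let attacker.example define what victim.example's "alice" looks like.
SPOOFED_ID_DOC = JSON.generate(
  'id' => 'https://victim.example/users/alice',
  'type' => 'Person',
  'publicKey' => {
    'id' => 'https://victim.example/users/alice#main-key',
    'owner' => 'https://victim.example/users/alice'
  }
)

# The id is honest, but the key block claims to belong to an actor elsewhere.
# Accepting it would tie attacker-controlled key material to alice.
SPOOFED_KEY_DOC = JSON.generate(
  'id' => 'https://attacker.example/users/mallory',
  'type' => 'Person',
  'publicKey' => {
    'id' => 'https://attacker.example/users/mallory#main-key',
    'owner' => 'https://victim.example/users/alice'
  }
)

class OriginMismatch < StandardError; end

# Two URIs share an origin when scheme, host and port all agree. Path and
# fragment (for example "#main-key") are deliberately ignored.
def same_origin?(a, b)
  ua = URI.parse(a)
  ub = URI.parse(b)
  return false unless %w[http https].include?(ua.scheme) && ua.scheme == ub.scheme
  return false if ua.host.nil? || ub.host.nil?
  ua.host.downcase == ub.host.downcase && ua.port == ub.port
rescue URI::InvalidURIError
  false
end

# Parse a fetched ActivityPub document and refuse it unless every identity it
# asserts is same-origin with the URI it was fetched from.
def validate_fetched_object!(requested_uri, body)
  doc = JSON.parse(body)
  raise OriginMismatch, 'document is not a JSON object' unless doc.is_a?(Hash)

  id = doc['id']
  raise OriginMismatch, 'document has no string id' unless id.is_a?(String)
  raise OriginMismatch, "id #{id} is not same-origin with #{requested_uri}" unless same_origin?(requested_uri, id)

  key = doc['publicKey']
  if key.is_a?(Hash)
    %w[id owner].each do |field|
      value = key[field]
      unless value.is_a?(String) && same_origin?(id, value)
        raise OriginMismatch, "publicKey.#{field} #{value.inspect} is not same-origin with #{id}"
      end
    end
    raise OriginMismatch, 'publicKey.owner does not name the actor itself' unless key['owner'] == id
  end

  doc
end

# Boolean wrapper for callers that only need accept/reject.
def accept_fetched_object?(requested_uri, body)
  validate_fetched_object!(requested_uri, body)
  true
rescue OriginMismatch, JSON::ParserError
  false
end

if __FILE__ == $PROGRAM_NAME
  { 'honest' => HONEST_DOC, 'spoofed id' => SPOOFED_ID_DOC, 'spoofed key' => SPOOFED_KEY_DOC }.each do |label, body|
    puts "#{label}: #{accept_fetched_object?(REQUESTED_URI, body) ? 'accepted' : 'rejected'}"
  end
end
```

Running the file classifies the three constructed documents: only the honest one is accepted. The point of the design is that the fetching side never trusts a response to tell it which domain the response speaks for; the origin is fixed by where the bytes came from, and anything in the body that disagrees is a reason to drop the whole object rather than a field to correct.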
Vulnerable Product |
---|
joinmastodon mastodon |
Danger of remote account takeovers leaves lead devs scared of releasing many details
Mastodon has called admins to action following the disclosure of a critical vulnerability in the decentralized social network favored by erstwhile Twitter lovers. With a CVSS score of 9.4, CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While very few technical details have been released, allowing admins time to patch before attackers devise exploits, vulnerabilities with such high CVSS scores tend to lead to severe ...