CVE-2024-23832

Published: 01/02/2024 Updated: 09/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all affected Mastodon versions, attackers can impersonate and take over any remote account. Every Mastodon version before 3.5.17 is vulnerable, as well as 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5.

Affected product: joinmastodon / mastodon

Recent Articles

Critical vulnerability in Mastodon is pounced upon by fast-acting admins
The Register

Danger of remote account takeovers leaves lead devs scared of releasing many details

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While very little has been released by way of technical details – allowing admins time to patch before attackers devise exploits – vulnerabilities with such high CVSS scores tend to lead to severe ...