BIT-mastodon-2024-23832

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mastodon/BIT-mastodon-2024-23832.json
Aliases
Published
2024-02-10T07:20:53.536Z
Modified
2024-02-10T08:11:46.653001Z
Details

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

References

Affected packages

Bitnami / mastodon

Package

Name
mastodon

Affected ranges

Type
SEMVER
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.5.17
Introduced
4.0.0
Fixed
4.0.13
Introduced
4.1.0
Fixed
4.1.13
Introduced
4.2.0
Fixed
4.2.5