CVE-2024-23832

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23832

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23832.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23832

Aliases

BIT-mastodon-2024-23832
GHSA-3fjr-858r-92rw

Published

2024-02-01T17:15:10Z

Modified

2024-09-03T04:39:28.020380Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

References

Affected packages

Git / github.com/mastodon/mastodon

Affected ranges

Type: GIT
Repo: https://github.com/mastodon/mastodon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1726085db5cd73dd30953da858f9887bcc90b958

Type: GIT
Repo: https://github.com/tootsuite/mastodon
Events: Introduced

4fcc026f0f1b12a9de21a3af33375a9c8867dd55

Fixed

a6641f828b9e6f5806be01754318279c2532ae82

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.6

v0.7

v0.8

v0.9

v0.9.9

v1.*

v1.0

v1.1

v1.1.1

v1.1.2

v1.2

v1.2.1

v1.2.2

v1.3

v1.3.1

v1.3.2

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4rc1

v1.4rc2

v1.4rc3

v1.4rc4

v1.4rc5

v1.4rc6

v1.5.0

v1.5.0rc1

v1.5.0rc2

v1.5.0rc3

v1.5.1

v1.6.0

v1.6.0rc1

v1.6.0rc2

v1.6.0rc3

v1.6.0rc4

v1.6.0rc5

v1.6.1

v2.*

v2.0.0

v2.0.0rc1

v2.0.0rc2

v2.0.0rc3

v2.0.0rc4

v2.1.0

v2.1.0rc1

v2.1.0rc2

v2.1.0rc3

v2.1.0rc4

v2.1.0rc5

v2.1.0rc6

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.2.0rc1

v2.2.0rc2

v2.3.0

v2.3.0rc1

v2.3.0rc2

v2.3.0rc3

v2.3.1

v2.3.1rc1

v2.3.1rc2

v2.3.1rc3

v2.3.2

v2.3.2rc1

v2.3.2rc2

v2.3.2rc3

v2.3.2rc4

v2.3.2rc5

v2.4.0

v2.4.0rc1

v2.4.0rc2

v2.4.0rc3

v2.4.0rc4

v2.4.0rc5

v2.4.1

v2.4.1rc1

v2.4.1rc2

v2.4.1rc3

v2.4.1rc4

v2.4.2

v2.4.2rc1

v2.4.2rc2

v2.4.2rc3

v2.4.3

v2.4.3rc1

v2.4.3rc2

v2.4.3rc3

v2.5.0

v2.5.0rc1

v2.5.0rc2

v2.6.0

v2.6.0rc1

v2.6.0rc2

v2.6.0rc3

v2.6.0rc4

v2.6.1

v2.7.0

v2.7.0rc1

v2.7.0rc2

v2.7.0rc3

v2.7.1

v2.8.0

v2.8.0rc1

v2.8.0rc2

v2.8.0rc3

v2.8.1

v2.8.2

v2.9.0

v2.9.0rc1

v2.9.0rc2

v2.9.1

v2.9.2

v3.*

v3.0.0

v3.0.0rc1

v3.0.0rc2

v3.0.0rc3

v3.0.1

v3.1.0

v3.1.0rc1

v3.1.0rc2

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.2.0

v3.2.0rc1

v3.2.0rc2

v3.3.0

v3.3.0rc1

v3.3.0rc2

v3.3.0rc3

v3.4.0

v3.4.0rc1

v3.4.0rc2

v3.4.1

v3.5.0

v3.5.0rc1

v3.5.0rc2

v3.5.0rc3

v3.5.1

v3.5.2

v3.5.3

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v4.0.0rc3

v4.0.0rc4

v4.0.1

v4.0.2

v4.1.0

v4.1.0rc1

v4.1.0rc2

v4.1.0rc3

v4.2.0

v4.2.0-beta1

v4.2.0-beta2

v4.2.0-beta3

v4.2.0-rc1

v4.2.0-rc2

v4.2.1

v4.2.2

v4.2.3

v4.2.4