Hey #Mastodon admins, just a reminder that the details of the critical #security vulnerability GHSA-3fjr-858r-92rw/CVE-2024-23832 are going to be released tomorrow. I still see some instances out there running a vulnerable version... Sent a DM to the admins of those instances of course. Please upgrade to a patched version (like 4.2.5 and 4.1.13) as soon as possible.

#MastoAdmin #FediAdmin #CVE-2024-23832 #CVE202423832 #CVE_2024_23832 #CVE #GHSA-3fjr-858r-92rw #GHSA3fjr858r92rw #GHSA_3fjr_858r_92rw #GHSA #GitHub #GitHubsecurityadvisory #cybersecurity #OriginValidation
Remote user impersonation and takeover

Summary: Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate remote ActivityPub actors (federated accounts) as-see...

GitHub
A new vulnerability in Mastodon was disclosed allowing attackers to perform account takeovers if they successfully exploit this vulnerability.

This vulnerability is being tracked as CVE-2024-23832 & has a 9.4/10 CVSS3 score, so it's a critical vulnerability.

As always, if you run a Mastodon instance, it's best if you can patch to the latest version as soon as possible.

www.bleepingcomputer.com/news/security/mastodon-vulnerability-allows-attackers-to-take-over-accounts/

#mastoadmin #mastodon #fediverse #patch #vulnerability #CVE_2024_23832
Mastodon vulnerability allows attackers to take over accounts

Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.

BleepingComputer

Thank you @arcanicanis for making us users on here safer and reporting this critical Mastodon vulnerability.

And @Gargron and team for the prompt fix and patching of mastodon.social.

If your instance isn't patched, you should probably ping your admin.

"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account."

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

#Mastodon #MastoSec #CVE_2024_23832 #MastoAdmin
