Thank you @arcanicanis for making us users on here safer and reporting this critical Mastodon vulnerability.

And @Gargron and team for the prompt fix and patching of mastodon.social.

If your instance isn't patched, you should probably ping your admin.

"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account."

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

#Mastodon #MastoSec #CVE_2024_23832 #MastoAdmin

Remote user impersonation and takeover (GitHub advisory preview)

Summary: Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate remote ActivityPub actors (federated accounts) as-see...