Lucene search

[email protected]NVD:CVE-2023-42451

HistorySep 19, 2023 - 4:15 p.m.

CVE-2023-42451

2023-09-1916:15:13

CWE-706

[email protected]

web.nvd.nist.gov

mastodon

vulnerability

domain name

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

Affected configurations

NVD

Node

joinmastodonmastodonRange<3.5.14

joinmastodonmastodonRange4.0.0–4.0.10

joinmastodonmastodonRange4.1.0–4.1.8

joinmastodonmastodonMatch4.2.0beta1

joinmastodonmastodonMatch4.2.0beta2

joinmastodonmastodonMatch4.2.0beta3

joinmastodonmastodonMatch4.2.0rc1

References

github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8

github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for NVD:CVE-2023-42451

osv2 prion1 cve1 cvelist1