Lucene search

GoogleOSV:CVE-2023-42451

HistorySep 19, 2023 - 4:15 p.m.

CVE-2023-42451

2023-09-1916:15:13

Google

osv.dev

mastodon

social network

domain spoofing

security issue

patch

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

CPENameOperatorVersion
mastodoneq3.5.1
mastodoneq2.4.3rc3
mastodoneq1.4.7
mastodoneq3.0.0rc1
mastodoneq3.1.1
mastodoneq2.3.2rc5
mastodoneq1.6.0rc4
mastodoneq2.0.0
mastodoneq2.3.1rc3
mastodoneq0.1.2

Name	Operator	Version
mastodon	eq	3.5.1
mastodon	eq	2.4.3rc3
mastodon	eq	1.4.7
mastodon	eq	3.0.0rc1
mastodon	eq	3.1.1
mastodon	eq	2.3.2rc5
mastodon	eq	1.6.0rc4
mastodon	eq	2.0.0
mastodon	eq	2.3.1rc3
mastodon	eq	0.1.2

Rows per page:

1-10 of 1711

References

github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8

github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for OSV:CVE-2023-42451