CVE-2024-25619

🗓️ 14 Feb 2024 21:08:15Reported by GoogleType

osv🔗 osv.dev👁 11 Views

Mastodon OAuth Application can continue listening to streaming after destruction due to Access Tokens not being destroyed, posing security risks. Mitigated in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.1

Reporter	Title	Published	Views	Family All 6
Vulnrichment	CVE-2024-25619 Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon	14 Feb 202420:50	–	vulnrichment
Cvelist	CVE-2024-25619 Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon	14 Feb 202420:50	–	cvelist
NVD	CVE-2024-25619	14 Feb 202421:15	–	nvd
OSV	BIT-mastodon-2024-25619	31 Mar 202418:21	–	osv
CVE	CVE-2024-25619	14 Feb 202421:15	–	cve
Prion	Design/Logic Flaw	14 Feb 202421:15	–	prion

Source	Link
github	www.github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x
github	www.github.com/mastodon/mastodon/commit/68eaa804c9bafdc5f798e114e9ba00161425dd71

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Feb 2024 21:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS33.1 - 4.3

EPSS0.00053

SSVC