Lucene search

PRIOn knowledge basePRION:CVE-2024-23832

HistoryFeb 01, 2024 - 5:15 p.m.

Design/Logic Flaw

2024-02-0117:15:00

PRIOn knowledge base

www.prio-n.com

mastodon

social network

ldap

authentication

account takeover

security flaw

activitypub

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.5%

JSON

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

CPENameOperatorVersion
mastodonge4.2.0
mastodonlt4.2.5
mastodonge4.1.0
mastodonlt4.1.13
mastodonge4.0.0
mastodonlt4.0.13
mastodonlt3.5.17

Name	Operator	Version
mastodon	ge	4.2.0
mastodon	lt	4.2.5
mastodon	ge	4.1.0
mastodon	lt	4.1.13
mastodon	ge	4.0.0
mastodon	lt	4.0.13
mastodon	lt	3.5.17

References

www.openwall.com/lists/oss-security/2024/02/02/4

github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958

github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw