3 matches found
CVE-2023-28853
Mastodon is affected by an LDAP injection vulnerability in the login path. The issue arises from insecure LDAP queries during authentication, enabling an attacker to leak arbitrary attributes from the LDAP directory. Affected versions are 2.5.0 up to, but not including, 3.5.8, 4.0.4, and 4.1.2. R...
CVE-2023-28853 Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
CVE-2023-28853 Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...