2 matches found
CVE-2024-25618
CVE-2024-25618 (Mastodon) describes an account takeover risk when external identity providers (CAS, SAML, OIDC) attach new identities to existing Mastodon users via shared email addresses. The issue occurs if the provider allows changing a user’s email (or supports multiple providers) and Mastodo...
CVE-2024-25618 External OpenID Connect Account Takeover by E-Mail Change in mastodon
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...