Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/01 5:20 p.m.8 views

CVE-2025-27399

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...

5.3CVSS6.7AI score0.0033EPSS
Exploits0References1
Circl
Circl
added 2025/02/27 6:18 p.m.8 views

CVE-2025-27399

creationtimestamp| type| source ---|---|--- 2025-02-27 18:18:44+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114077225711677534 2025-02-27 20:56:15+00:00| seen| https://t.me/cvedetector/19069 2025-08-22 14:52:22+00:00| seen| MISP/24306fae-b16b-4478-9297-d2973cdb583c...

5.3CVSS4.8AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2025/02/27 5:15 p.m.10 views

CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...

5.3CVSS6.6AI score0.0033EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/27 5:15 p.m.24 views

CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...

5.3CVSS0.0033EPSS
Exploits0References4
CVE
CVE
added 2025/02/27 5:15 p.m.96 views

CVE-2025-27399

Summary: Mastodon contains an access-control bug where, when domain blocks/reasons visibility is set to the English string “To logged-in users,” users not yet approved can view the block reasons. Affected versions: before 4.1.23, 4.2.16, and 4.3.4. Impact: instance admins who rely on private doma...

5.3CVSS5.3AI score0.0033EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder