5 matches found
CVE-2025-27399
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...
CVE-2025-27399
creationtimestamp| type| source ---|---|--- 2025-02-27 18:18:44+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114077225711677534 2025-02-27 20:56:15+00:00| seen| https://t.me/cvedetector/19069 2025-08-22 14:52:22+00:00| seen| MISP/24306fae-b16b-4478-9297-d2973cdb583c...
CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...
CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...
CVE-2025-27399
Summary: Mastodon contains an access-control bug where, when domain blocks/reasons visibility is set to the English string “To logged-in users,” users not yet approved can view the block reasons. Affected versions: before 4.1.23, 4.2.16, and 4.3.4. Impact: instance admins who rely on private doma...