A Mastodon vulnerability allows attackers to take over accounts. The flaw, affecting versions before 3.5.17/4.0.13/4.1.13/4.2.5, carries a 9.4 severity rating. Users are urged to verify that their instance has been upgraded to protect their accounts. Details are to be shared on Feb 15, 2024. Stay safe!
The flaw was fixed as of 4.2.5, released yesterday, which all Mastodon server administrators are advised to upgrade to as soon as possible to protect the users of their instances. Mastodon promised to share more information about CVE-2024-23832 on Feb. 15, 2024, withholding technical details for the time being to prevent active exploitation of the vulnerability.
Was really helpful ☺️
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon versions, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5.
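The advisory gives the affected ranges per release branch, and the advice to administrators is to verify that their instance is on a fixed version. The following is an added example (not code from BleepingComputer or the Mastodon project) that turns those ranges into a branch-aware version check: a version is affected if it is below the fixed release of its own branch, and any branch older than 3.5 is affected because the advisory says everything before 3.5.17 is vulnerable. It assumes `major.minor.patch` version strings with an optional `v` prefix, `-rc1`-style pre-release suffix (treated as older than the final release) and `+build` metadata, that release branches newer than 4.2 shipped after the fix, and that the `version` field of the `/api/v1/instance` response is where an operator reads the running version; the instance JSON used below is constructed.

```python
from typing import Dict, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, release_flag)

# Fixed releases per branch, taken from the advisory text.
# The trailing 1 marks a final release; pre-releases carry 0 so that
# e.g. 4.2.5-rc1 sorts before 4.2.5.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (3, 5): (3, 5, 17, 1),
    (4, 0): (4, 0, 13, 1),
    (4, 1): (4, 1, 13, 1),
    (4, 2): (4, 2, 5, 1),
}
OLDEST_FIX: Version = (3, 5, 17, 1)  # "every version prior to 3.5.17 is vulnerable"


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch[-pre][+build]' into a comparable tuple (format assumed)."""
    s = text.strip()
    if s.startswith("v"):
        s = s[1:]
    s = s.split("+", 1)[0]            # drop build metadata such as '+glitch'
    core, _, pre = s.partition("-")   # '4.2.5-rc1' -> core '4.2.5', pre 'rc1'
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Mastodon version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, 0 if pre else 1)


def is_vulnerable(version: str) -> bool:
    """True if the given Mastodon version falls inside the advisory's affected ranges."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is not None:
        # Same branch as a fixed release: affected only if older than that release.
        return v < fixed
    # No fixed release on this branch. Branches older than 3.5 never got one
    # and are affected; branches newer than 4.2 are assumed to postdate the fix.
    return v < OLDEST_FIX


def check_instance(instance_payload: dict) -> Dict[str, object]:
    """Evaluate the JSON body of GET /api/v1/instance (its 'version' field)."""
    version = str(instance_payload.get("version", ""))
    return {"version": version, "vulnerable": is_vulnerable(version)}


# Constructed sample of what an instance might return; not a real server.
SAMPLE_INSTANCE = {"uri": "mastodon.example", "version": "4.2.4"}

if __name__ == "__main__":
    report = check_instance(SAMPLE_INSTANCE)
    state = "NEEDS UPGRADE" if report["vulnerable"] else "fixed"
    print(f"{SAMPLE_INSTANCE['uri']} runs {report['version']}: {state}")
```

In practice an operator would feed `check_instance` the decoded response of `GET https://<instance>/api/v1/instance` for each server they run; forks that rewrite the version string may need their own mapping, which is why the parser ignores build metadata rather than trusting it.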