 Mastodon vulnerability allows attackers to take over accounts. The vulnerability, affecting versions before 3.5.17/4.0.13/4.1.13/4.2.5, posed a 9.4 severity risk. Users urged to verify their instance's upgrade to protect accounts. Details to be shared on Feb 15, 2024. Stay safe!

https://www.bleepstatic.com/images/news/u/1220909/2024/Cybersecurity/alert.png 
 Mastodon is neither decentralized nor meritocratic. 
 The flaw was fixed as of 4.2.5, released yesterday, which all Mastodon server administrators are advised to upgrade to as soon as possible to protect users of their instances.
 Mastodon promised to share more information on Feb. 15, 2024 about CVE-2024-23832 after withholding technical details for the time being to prevent active exploitation of the vulnerability. 
 Was really helpful ☺️ 
 was helpful 
 Very important 
 this is helpful, thanks. 
 This is really important 
 Yes, I read about it; it's too critical. 
 Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5. 
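
An added example, not part of the thread and not Mastodon's own code: one way for an administrator or user to check a reported version against the fixed releases listed above. The names `classify` and `instance_version` and the sample strings are made up for illustration; it assumes the instance reports its version at `/api/v1/instance` and that a fork's `+suffix` build follows the upstream number.

```python
import json
import re
import urllib.request

# First fixed release on each patched branch, taken from the versions in the thread.
FIXED = {(3, 5): 17, (4, 0): 13, (4, 1): 13, (4, 2): 5}
NEWEST_FIXED_BRANCH = max(FIXED)

def classify(version):
    """Return 'vulnerable', 'patched' or 'unknown' for a Mastodon version string."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", version)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None  # e.g. -rc1 or -nightly...; "+fork" is ignored
    branch = (major, minor)
    if branch in FIXED:
        if patch < FIXED[branch]:
            return "vulnerable"
    elif branch < NEWEST_FIXED_BRANCH:
        # Older branch with no fixed release of its own (2.x, 3.4.x, ...).
        return "vulnerable"
    # At or past the fix by number. A pre-release tag means the number alone
    # does not say whether the build contains the fix, so ask the admin.
    # Assumption: a "+fork" build at a fixed number includes the upstream fix.
    return "unknown" if prerelease else "patched"

def instance_version(host, timeout=10):
    """Read the version an instance reports at /api/v1/instance (needs network)."""
    url = f"https://{host}/api/v1/instance"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)["version"]

if __name__ == "__main__":
    # Constructed sample strings, not taken from any real instance.
    for sample in ["4.2.4", "4.2.5", "4.1.12+glitch", "3.4.10",
                   "4.3.0-nightly.2024-02-01", "not-a-version"]:
        print(f"{sample:28} {classify(sample)}")
```
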
 This is an important update