Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

github.com

cross-posted to:
fediverse@lemmy.world
securitynews@infosec.pub
fediverse@lemmy.ml

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

github.com

Arthur Besse@lemmy.ml to

Security@lemmy.mlEnglish · 2 years ago

cross-posted to:
fediverse@lemmy.world
securitynews@infosec.pub
fediverse@lemmy.ml

Remote user impersonation and takeover

github.com

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

You must log in or # to comment.

Chat