Home Security Mastodon Social Community Patches Crucial Flaws Permitting Server Takeover

Mastodon Social Community Patches Crucial Flaws Permitting Server Takeover

by crpt os


Jul 07, 2023Swati KhandelwalVulnerability / Social Media

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.

Mastodon is known for its federated model, consisting of thousands of separate servers called “instances,” and it has over 14 million users across more than 20,000 instances.

The most critical vulnerability, CVE-2023-36460, allows hackers to exploit a flaw in the media attachments feature, creating and overwriting files in any location the software could access on an instance.

This software vulnerability could be used for DoS and arbitrary remote code execution attacks, posing a significant threat to users and the broader Internet ecosystem.

If an attacker gains control over multiple instances, they could cause harm by instructing users to download malicious applications or even bring down the entire Mastodon infrastructure. Fortunately, there is no evidence of this vulnerability being exploited so far.

The critical flaw was discovered as part of a comprehensive penetration testing initiative funded by the Mozilla Foundation and conducted by Cure53.

The recent patch release addressed five vulnerabilities, including another critical issue tracked as CVE-2023-36459. This vulnerability could allow attackers to inject arbitrary HTML into oEmbed preview cards, bypassing Mastodon’s HTML sanitization process.

Consequently, this introduced a vector for Cross-Site Scripting (XSS) payloads that could execute malicious code when users clicked on preview cards associated with malicious links.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

The remaining three vulnerabilities were classified as high and medium severity. They included “Blind LDAP injection in login,” which allowed attackers to extract arbitrary attributes from the LDAP database, “Denial of Service through slow HTTP responses,” and a formatting issue with “Verified profile links.” Each of these flaws posed different levels of risk to Mastodon users.

To protect themselves, Mastodon users only need to ensure that their subscribed instance has installed the necessary updates promptly.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex