Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

github.com

cross-posted to:
securitynews@infosec.pub

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

github.com

Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 1 year ago

cross-posted to:
securitynews@infosec.pub

Remote user impersonation and takeover

github.com

### Summary Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate remote ActivityPub actors (federated accounts) as-see...

You must log in or register to comment.

Chat

Fediverse@lemmy.ml

fediverse@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.ml

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

22 users / day
22 users / week
22 users / month
22 users / 6 months
0 local subscribers
17K subscribers
100 Posts
1 Comment
Modlog