Arthur Besse to

Fediverse@lemmy.mlEnglish • 1 year ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

cross-posted to:
fediverse@lemmy.world

187

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Arthur Besse to

Fediverse@lemmy.mlEnglish • 1 year ago

cross-posted to:
fediverse@lemmy.world

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

Chat

Arthur BesseOP
link
fedilink
20•1 year ago
No, this is a server-side vulnerability. Clients do not need to update, instances do.
- Atelopus-zeteki
  link
  fedilink
  2•1 year ago
  TY!