Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

cross-posted to:
[email protected]

261

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

cross-posted to:
[email protected]

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

If your instance is not up to date (see footer), you can pass this along to your admins to check

Chat

BiggestBulb@kbin.run
link
fedilink
arrow-up
5·
9 months ago
Welp. I’m glad Stux was already updating earlier. Honestly, Stux probably knew before just about everyone else

Fediverse@lemmy.world

fediverse@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

278 users / day
1.69K users / week
5.33K users / month
13.2K users / 6 months
1 local subscriber
28.2K subscribers
1.69K Posts
52.9K Comments
Modlog