PT-2023-22009 · Mastodon · Mastodon

Gregxsunday · Published 2023-04-04 · Updated 2024-03-06 · CVE-2023-28853

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mastodon versions 2.5.0 through 3.5.7, 4.0.0 through 4.0.3, and 4.1.0 through 4.1.1 are affected (overall range: 2.5.0 through 4.1.1). Versions 3.5.8, 4.0.4 and 4.1.2 are not affected.

Description

The issue arises from an insecure LDAP query during the login process: the submitted login value reaches the LDAP search filter without being escaped, allowing an attacker to perform an LDAP injection attack. This can lead to the leakage of arbitrary attributes from the LDAP database.

Recommendations

For Mastodon versions 2.5.0 through 3.5.7, update to version 3.5.8 or later. For Mastodon versions 4.0.0 through 4.0.3, update to version 4.0.4 or later. For Mastodon versions 4.1.0 through 4.1.1, update to version 4.1.2 or later.
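As an added illustration that is not Mastodon's own code, the Ruby snippet below contrasts a login filter built by string interpolation (the pattern behind the injection described above) with one that escapes the value per RFC 4515; the attribute name, function names and sample inputs are assumptions.

```ruby
# Added example (not Mastodon's code): why an LDAP login lookup built from an
# unescaped user value is injectable, and the RFC 4515 escaping that closes it.

# Escape the characters that carry meaning inside an LDAP search filter
# (RFC 4515 section 3): each becomes a backslash followed by two hex digits.
def ldap_filter_escape(value)
  value.gsub(/[*()\\\x00]/) { |c| format('\\%02x', c.ord) }
end

# Vulnerable pattern: the submitted login name is spliced straight into the
# filter, so filter metacharacters in the input change the filter's structure.
def unsafe_login_filter(uid_attr, login)
  "(#{uid_attr}=#{login})"
end

# Hardened pattern: metacharacters in the value are escaped, so the input can
# only ever be compared as a literal attribute value.
def safe_login_filter(uid_attr, login)
  "(#{uid_attr}=#{ldap_filter_escape(login)})"
end

# Defender-side check for a filter string built from user input (assumed
# helper): the value position must contain no raw wildcard or parenthesis.
def filter_structure_intact?(filter, uid_attr)
  filter.start_with?("(#{uid_attr}=") && filter.end_with?(')') &&
    filter[(uid_attr.length + 2)...-1] !~ /[*()]/
end

# Constructed input containing filter metacharacters.
probe = '*)(mail=*'
puts unsafe_login_filter('uid', probe) # structure altered
puts safe_login_filter('uid', probe)   # metacharacters neutralised
```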

Weakness Enumeration

Special Elements Injection

Related identifiers

BIT-MASTODON-2023-28853
CVE-2023-28853
GHSA-38G9-PFM9-GFQV

Affected products

Mastodon