PT-2026-3898 · Mastodon · Mastodon

Welshpixie · Published 2026-01-22 · Updated 2026-02-03 · CVE-2026-23961

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Mastodon versions 4.2.26 through 4.2.29
Mastodon versions 4.3.13 through 4.3.17
Mastodon versions 4.4.5 through 4.4.11
Mastodon versions 4.5.0 through 4.5.4

Description

Mastodon is a social network server that allows administrators to suspend users. Logic errors exist that can allow posts from suspended users to appear in timelines, even after suspension. Specifically, known posts from suspended users can appear if they have been boosted. In some cases, previously unknown posts from suspended users can also be processed. In certain versions, suspended users can partially bypass the suspension to post new content.

Recommendations

Update to Mastodon version 4.5.5.
Update to Mastodon version 4.4.12.
Update to Mastodon version 4.3.18.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related identifiers

BIT-MASTODON-2026-23961
CVE-2026-23961
GHSA-5H2F-WG8J-XQWP

Affected products

Mastodon