Mastodon Security Update Advisory (CVE-2024-23832)

Feb 02 2024

Overview

An update has been made available to fix vulnerabilities in Mastodon. Users of affected versions are advised to update to the latest version.

Affected Products

Mastodon

3.all versions prior to 5.17
4.0.x versions prior to 4.0.13
4.any 1.x version prior to 4.1.13
4.any 2.x version prior to 4.2.5

Resolved Vulnerabilities

Remote user account impersonation and takeover vulnerability in Mastodon (CVE-2024-23832)

Vulnerability Patches

Vulnerability patches were made available in the February 2 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

Mastodon versions 3.5.17, 4.0.13, 4.1.13, 4.2.5

Referenced Sites

[1] CVE-2024-23832 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23832#close
[2] CVE-2024-23832
https://www.openwall.com/lists/oss-security/2024/02/02/4
[3] Merge pull request from GHSA-3fjr-858r-92rw
https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958
[4] Remote user impersonation and takeover
https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

Mastodon Security Update Advisory (CVE-2024-23832)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

GNU glibc Library Security Update Advisory (CVE-2023-6246)

Apache Pulsar Security Update Advisory (CVE-2023-51437)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

GNU glibc Library Security Update Advisory (CVE-2023-6246)

Apache Pulsar Security Update Advisory (CVE-2023-51437)