Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 10 months ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

189

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 10 months ago

Remote user impersonation and takeover

### Summary Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate remote federated accounts as-seen-from the affected s...

Chat

Arthur Besse@lemmy.mlOP
link
fedilink
arrow-up
19·
10 months ago
No, this is a server-side vulnerability. Clients do not need to update, instances do.
- Atelopus-zeteki@kbin.run
  cake
  link
  fedilink
  arrow-up
  2·
  10 months ago
  TY!

Fediverse@lemmy.ml

fediverse@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.ml

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3 users / day
81 users / week
554 users / month
3.33K users / 6 months
25 local subscribers
17.7K subscribers
1.33K Posts
15K Comments
Modlog