Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/fj/statuses/111857028002000575">Frederic Jacobs (fj@mastodon.social)'s status on Friday, 02-Feb-2024 07:13:15 JST</a><a href="https://mastodon.social/@fj" title="fj@mastodon.social"><img src="https://gnusocial.jp/avatar/94289-48-20240615001525.webp" width="48" height="48" alt="Frederic Jacobs" style="position: absolute; left: 0; top: 0;">Frederic Jacobs</a><div><ul><li><li><a href="https://gnusocial.jp/user/10459" title="arcanicanis@were.social">arcanicanis</a></li></ul></div></section><article><p>Thank you <a href="https://were.social/users/arcanicanis">@arcanicanis</a> for making us users on here safer and reporting this critical Mastodon vulnerability.</p><p>And <a href="https://mastodon.social/@Gargron">@Gargron</a> and team for the prompt fix and patching of mastodon.social.</p><p>If your instance isn't patched, you should probably ping your admin.</p><p>"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account.”</p><p><a href="https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw" rel="nofollow noreferrer">https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw</a></p><p><a href="https://mastodon.social/tags/Mastodon" rel="tag">#Mastodon</a> <a href="https://mastodon.social/tags/MastoSec" rel="tag">#MastoSec</a> <a href="https://mastodon.social/tags/CVE_2024_23832" rel="tag">#CVE_2024_23832</a> <a href="https://mastodon.social/tags/MastoAdmin" rel="tag">#MastoAdmin</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2665591#notice-5282797">In conversation</a><time datetime="2024-02-02T07:13:15+09:00" title="Friday, 02-Feb-2024 07:13:15 JST">about 10 months ago</time> <span>from <span><a href="https://mastodon.social/@fj/111857028002000575" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@fj/111857028002000575">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2199560">Untitled attachment</a></label><br><a href="https://files.mastodon.social/media_attachments/files/111/857/027/768/357/938/original/e6834641fc551f2d.png" rel="external">https://files.mastodon.social/media_attachments/files/111/857/027/768/357/938/original/e6834641fc551f2d.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Frederic Jacobs (fj@mastodon.social)'s status on Friday, 02-Feb-2024 07:13:15 JSTFrederic Jacobs
- Eugen Rochko
- arcanicanis
Thank you @arcanicanis for making us users on here safer and reporting this critical Mastodon vulnerability.
And @Gargron and team for the prompt fix and patching of mastodon.social.
If your instance isn't patched, you should probably ping your admin.
"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account.”
https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw
#Mastodon #MastoSec #CVE_2024_23832 #MastoAdmin
In conversationabout 10 months ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/111/857/027/768/357/938/original/e6834641fc551f2d.png

Public

Embed Notice

HTML Code

Corresponding Notice