Vulnerabilities > Joinmastodon
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2024-23832 | Authentication Bypass by Spoofing vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. | 9.8 |
2023-09-19 | CVE-2023-42450 | Server-Side Request Forgery (SSRF) vulnerability in Joinmastodon Mastodon 4.2.0 Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
2023-09-19 | CVE-2023-42451 | Use of Incorrectly-Resolved Name or Reference vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
2023-09-19 | CVE-2023-42452 | Cross-site Scripting vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 5.4 |
2023-07-06 | CVE-2023-36462 | Unspecified vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 5.4 |
2023-07-06 | CVE-2023-36459 | Cross-site Scripting vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 6.1 |
2023-07-06 | CVE-2023-36460 | Path Traversal vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 9.9 |
2023-07-06 | CVE-2023-36461 | Allocation of Resources Without Limits or Throttling vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
2023-04-04 | CVE-2023-28853 | LDAP Injection vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. | 6.5 |
2023-03-06 | CVE-2022-48364 | Unspecified vulnerability in Joinmastodon Mastodon 3.5.0/3.5.1/3.5.2 The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | 4.3 |