Vulnerabilities > Joinmastodon > Mastodon

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2024-23832 Authentication Bypass by Spoofing vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication.
network
low complexity
joinmastodon CWE-290
critical
 9.8
9.8
2023-09-19 CVE-2023-42450 Server-Side Request Forgery (SSRF) vulnerability in Joinmastodon Mastodon 4.2.0
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-918
7.5
7.5
2023-09-19 CVE-2023-42451 Use of Incorrectly-Resolved Name or Reference vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-706
7.5
7.5
2023-09-19 CVE-2023-42452 Cross-site Scripting vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-79
5.4
5.4
2023-07-06 CVE-2023-36462 Unspecified vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon
5.4
5.4
2023-07-06 CVE-2023-36459 Cross-site Scripting vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-79
6.1
6.1
2023-07-06 CVE-2023-36460 Path Traversal vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-22
critical
 9.9
9.9
2023-07-06 CVE-2023-36461 Allocation of Resources Without Limits or Throttling vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-770
7.5
7.5
2023-04-04 CVE-2023-28853 LDAP Injection vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication.
network
low complexity
joinmastodon CWE-90
6.5
6.5
2023-03-06 CVE-2022-48364 Unspecified vulnerability in Joinmastodon Mastodon 3.5.0/3.5.1/3.5.2
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.
network
low complexity
joinmastodon
4.3
4.3