CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
28.8%
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.
Vendor | Product | Version | CPE |
---|---|---|---|
joinmastodon | mastodon | * | cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* |
joinmastodon | mastodon | 4.2.0 | cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta1:*:*:*:*:*:* |
joinmastodon | mastodon | 4.2.0 | cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta2:*:*:*:*:*:* |
joinmastodon | mastodon | 4.2.0 | cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta3:*:*:*:*:*:* |
joinmastodon | mastodon | 4.2.0 | cpe:2.3:a:joinmastodon:mastodon:4.2.0:rc1:*:*:*:*:*:* |