Home > Vulnerability Database > CVE-2024-23832

Mend.io Vulnerability Database

CVE-2024-23832

Good to know:

Date: February 1, 2024

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

Language: Ruby

Severity Score

9.8

Related Resources (5)

Url: http://www.openwall.com/lists/oss-security/2024/02/02/4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23832

Url: https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

Url: https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958

Url: https://www.mend.io/vulnerability-database/CVE-2024-23832

Severity Score

9.8

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version v3.5.17,v4.0.13,v4.1.13,v4.2.5

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23832

Good to know:

Date: February 1, 2024

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?