- Description
- Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon does not check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type. This allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Mastodon server fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate an account on a remote server that satisfies all of the following properties: it allows the attacker to register an account; it accepts arbitrary user-uploaded documents and places them on the same domain as the ActivityPub actors; and it serves user-uploaded documents in response to requests with an `Accept` header value of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 contain a fix for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
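The check the advisory describes, as an added example in Ruby (Mastodon's language) that is not Mastodon's own code or its actual patch: a fetcher that accepts any 200 response and parses the body as an Activity Streams document, beside one that first requires a `Content-Type` of `application/activity+json` or `application/ld+json` with the Activity Streams profile. The `Response` struct, the `remote.example` host and the forged note are constructed for the illustration.

```ruby
# Added example (not Mastodon's code): validating the Content-Type of a fetched
# ActivityPub document before treating its body as an Activity Streams object.
require 'json'

ACTIVITY_STREAMS_PROFILE = 'https://www.w3.org/ns/activitystreams'

# True only if the header denotes an Activity Streams document:
# application/activity+json, or application/ld+json whose profile parameter
# names the Activity Streams context. Other parameters (charset) are ignored.
def activitystreams_content_type?(header)
  return false if header.to_s.strip.empty?

  media_type, *params = header.split(';').map(&:strip)
  media_type = media_type.downcase
  return true if media_type == 'application/activity+json'
  return false unless media_type == 'application/ld+json'

  params.any? do |param|
    name, value = param.split('=', 2)
    next false unless name&.downcase == 'profile' && value

    # profile may be a quoted, space-separated list of URIs
    value.delete('"').split(/\s+/).include?(ACTIVITY_STREAMS_PROFILE)
  end
end

# Minimal stand-in for an HTTP response (hypothetical, not Mastodon's class).
Response = Struct.new(:status, :headers, :body)

# Behaviour the advisory describes: any 200 body is parsed as a status,
# regardless of how the remote server labelled it.
def parse_remote_status_unchecked(response)
  return nil unless response.status == 200

  JSON.parse(response.body)
end

# Hardened behaviour: refuse bodies not served as Activity Streams, so a file
# on an upload endpoint (typically served as octet-stream, text or image)
# is never interpreted as a remote actor's status.
def parse_remote_status_checked(response)
  return nil unless response.status == 200
  return nil unless activitystreams_content_type?(response.headers['content-type'])

  JSON.parse(response.body)
end

# Constructed sample: a note uploaded by the attacker to the same host as the
# ActivityPub actors, claiming to be written by another user on that host.
FORGED_NOTE = {
  'id' => 'https://remote.example/uploads/forged.json',
  'type' => 'Note',
  'attributedTo' => 'https://remote.example/users/victim',
  'content' => 'I never wrote this'
}.to_json

UPLOAD_RESPONSE = Response.new(
  200, { 'content-type' => 'application/octet-stream' }, FORGED_NOTE
)
GENUINE_RESPONSE = Response.new(
  200, { 'content-type' => 'application/activity+json; charset=utf-8' }, FORGED_NOTE
)

if __FILE__ == $PROGRAM_NAME
  p parse_remote_status_unchecked(UPLOAD_RESPONSE)&.dig('attributedTo')
  p parse_remote_status_checked(UPLOAD_RESPONSE)
  p parse_remote_status_checked(GENUINE_RESPONSE)&.dig('type')
end
```

The media-type check alone closes the path the advisory describes (an upload endpoint that will not label files as Activity Streams); it does not replace the existing origin check that a fetched object's `id` must live on the host it was fetched from, which is why the advisory restricts the impact to servers that place uploads on the same domain as their actors.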
CVSS 3.1
- Type
- Primary
- Base score
- 7.7
- Impact score
- 4
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8812D4F-2BE3-47EF-8184-1A59A8BD0345",
            "versionEndExcluding": "3.5.19"
          },
          {
            "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEC8DE8-51AD-4C44-AF70-A2ABE8FD49AD",
            "versionEndExcluding": "4.0.15",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CBB8738-9E7D-4DAE-8E6F-5D8F51363B94",
            "versionEndExcluding": "4.1.15",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00EE36CA-1391-4052-9CCB-7A087F06A51E",
            "versionEndExcluding": "4.2.7",
            "versionStartIncluding": "4.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]