ByteOS Network

NVD Vulnerability Details :

CVE-2023-42451

Analyzed

Source-security-advisories@github.com

Published At-19 Sep, 2023 | 16:15

Updated At-22 Sep, 2023 | 17:10

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary	3.1	7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CPE Matches

joinmastodon>>mastodon>>Versions before 3.5.14(exclusive)

cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*

joinmastodon>>mastodon>>Versions from 4.0.0(inclusive) to 4.0.10(exclusive)

cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*

joinmastodon>>mastodon>>Versions from 4.1.0(inclusive) to 4.1.8(exclusive)

cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*

joinmastodon>>mastodon>>4.2.0

cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta1:*:*:*:*:*:*

joinmastodon>>mastodon>>4.2.0

cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta2:*:*:*:*:*:*

joinmastodon>>mastodon>>4.2.0

cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta3:*:*:*:*:*:*

joinmastodon>>mastodon>>4.2.0

cpe:2.3:a:joinmastodon:mastodon:4.2.0:rc1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-706	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8	security-advisories@github.com	Patch
https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667	security-advisories@github.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History