CNNVD-202510-1650 Information
CNNVD ID
CNNVD-202510-1650
Related CVE
- CNNVD Published: 2025-10-13
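Description (translated from Chinese)
Mastodon is an open-source, ActivityPub-based social network server from Mastodon. Versions of Mastodon before 4.4.6, before 4.3.14 and before 4.2.27 contain a security vulnerability, which stems from the streaming server accepting the serving of public timeline events with any valid authentication token, and which may lead to unintended access to public posts.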
Description (English)
Mastodon is an open-source social network server based on ActivityPub. Mastodon versions before 4.4.6, 4.3.14 and 4.2.27 contain a security vulnerability: the streaming server accepts any valid authentication token when serving events for the public timeline, which may lead to unintended access to public posts.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Mastodon
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-7gwh-mw97-qjgp
https://github.com/mastodon/mastodon/commit/7e98fa9b476fdaed235519f1d527eb956004ba0c
https://access.redhat.com/security/cve/cve-2025-62176
Patch
https://github.com/mastodon/mastodon/releases