CVE-2024-23832
published 2024-02-01


Priority: P266
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.93% (77.5th percentile)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

Affected

8 ranges
Vendor        Product   Version range        Fixed in
joinmastodon  mastodon  < 3.5.17             3.5.17
joinmastodon  mastodon  >= 4.0.0, < 4.0.13   4.0.13
joinmastodon  mastodon  >= 4.1.0, < 4.1.13   4.1.13
joinmastodon  mastodon  >= 4.2.0, < 4.2.5    4.2.5
mastodon      mastodon  < 3.5.17             3.5.17
mastodon      mastodon
mastodon      mastodon
mastodon      mastodon

Detection & IOCs (extracted from sources)

  • All Mastodon instances running versions prior to 3.5.17, 4.0.13, 4.1.13, or 4.2.5 are vulnerable to account takeover via insufficient origin validation (CVE-2024-23832); detect unpatched instances by version fingerprinting.
  • The vulnerability stems from insufficient origin validation in Mastodon's ActivityPub federation layer, enabling remote account impersonation; monitor for unexpected cross-instance account modification or ownership-change ActivityPub messages.
  • Technical exploitation details were intentionally withheld by Mastodon at time of disclosure to prevent active exploitation; full details were promised for release on February 15, 2024.
  • Mastodon's LDAP authentication configuration is noted as a relevant attack surface context; administrators should review LDAP origin validation settings in addition to upgrading.
  • End users cannot self-remediate; only server administrators upgrading to a patched version (≥4.2.5 or respective branch fixes) can protect accounts from hijacking.
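Added example for the version-fingerprinting point above; this is not code from the CVE record or from Mastodon. It parses a version string, checks it against the four affected ranges listed on this page (pre-releases such as "4.2.5-rc1" count as prior to the fixed release), and reads the advertised version from a constructed NodeInfo 2.0 document; the endpoint path /nodeinfo/2.0 is assumed from Mastodon's NodeInfo support.

```python
"""Version fingerprint check for CVE-2024-23832 (added example, ranges from this page)."""
import json
import re

# (inclusive lower bound, first fixed version); "< 3.5.17" has no lower bound.
AFFECTED_RANGES = [
    ((0, 0, 0), (3, 5, 17)),
    ((4, 0, 0), (4, 0, 13)),
    ((4, 1, 0), (4, 1, 13)),
    ((4, 2, 0), (4, 2, 5)),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(text):
    """Return (major, minor, patch, is_release); a suffix like "-rc1" means
    pre-release, which sorts before the final release with the same numbers."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix == ""


def is_affected(version_text):
    """True if the version is inside one of the page's affected ranges."""
    major, minor, patch, is_release = parse_version(version_text)
    key = (major, minor, patch)
    for lower, fixed in AFFECTED_RANGES:
        if lower <= key < fixed:
            return True
        if key == fixed and not is_release:  # e.g. 4.2.5-rc1 is prior to 4.2.5
            return True
    return False


def assess_nodeinfo(nodeinfo_json):
    """Assess the software/version advertised in a NodeInfo 2.0 document."""
    software = json.loads(nodeinfo_json).get("software", {})
    if software.get("name") != "mastodon":
        return {"software": software.get("name"), "affected": None}
    return {"software": "mastodon", "version": software["version"],
            "affected": is_affected(software["version"])}


# Constructed sample in the shape Mastodon serves at /nodeinfo/2.0 (assumed path).
SAMPLE_NODEINFO = json.dumps({"version": "2.0", "software": {"name": "mastodon", "version": "4.2.4"}})

if __name__ == "__main__":
    print(assess_nodeinfo(SAMPLE_NODEINFO))
```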