The flaw is tracked as CVE-2024-23832, and has a severity rating of 9.4.
It affects all Mastodon versions before 3.5.17, 4.0.13, and 4.2.5.
The vulnerability has now been patched, and administrators are advised to apply the update without delay.
The project promised to share more information on February 15, BleepingComputer reports.
Mastodon works on the basis of instances - communities with unique guidelines and policies, governed by their administrators.
The instances are then interconnected in a system Mastodon refers to as federation.
Being decentralized also makes the platform somewhat harder to patch, since each instance's administrators must apply the update independently.
Mastodon may not be the powerhouse Twitter is, but its user base is hardly negligible.
As such, threat actors are also hunting for potential vulnerabilities on the platform.
Last summer, the project fixed a critical vulnerability tracked as CVE-2023-36460, called TootRoot.
This flaw allowed threat actors to send toots (posts) that could create web shells on target instances.
The flaw granted the attackers full control over the vulnerable server, including access to sensitive user information.