top.ofthe.top on Nostr: So, some kind of vulnerability has been found in some versions of Mastodon ...
So, some kind of vulnerability has been found in some versions of Mastodon. Details will come later, to give instance admins time to update.
> Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5. Details TBA. This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.
Published at 2024-02-03 03:10:45
Event JSON
{
"id": "f42e05d3bbbef4674fd3aaaf082e6815f10cb0de01ec0012e5162c4e77ad7506",
"pubkey": "3ca0488fca831fa259f9ce1fe073e6d0702667e2fb943df0160d68248d2dd57a",
"created_at": 1706929845,
"kind": 1,
"tags": [
[
"p",
"dae987e673bed79f13fa8ba6ec74806805df952ae00c34f76d18fa91d10c1bf6",
"wss://relay.mostr.pub"
],
[
"p",
"1d26545c9285cc4708eaeffd7a88a3048c80c9a0a4a8b9e314c5bba4e6d9ce2b",
"wss://relay.mostr.pub"
],
[
"p",
"664f1a34812744aa874c25bccfeb28d45cba6bce07c0bfc1f393691f3b6767e0",
"wss://relay.mostr.pub"
],
[
"p",
"43cd4d1187ce95d06fbb4be6a0a41597fe896ddc020f5ef9b58a3068ea22806d",
"wss://relay.mostr.pub"
],
[
"t",
"mastodon"
],
[
"proxy",
"https://top.ofthe.top/social/status/2024/02/03/61071931fc23c/",
"activitypub"
]
],
"content": "Там это, в некоторых версиях мастодона нашлась какая-то уязвимость. Подробности будут позже, чтобы дать админам инстансов обновиться.\n\u003e Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5. Details TBA. This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.",
"sig": "4cdcf54aeeaacb7affe0966612779d7cd3d1d3ffa09daa1b9fbf1c492d34b76f62327cec5e0725267dd3c73861f550aa689cd18199d0a44e766a84c8731ea9ff"
}