{"vulnerability": "CVE-2024-2383", "sightings": [{"uuid": "693774cc-46cf-42ab-8a7e-974d17e1cc6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-23832", "type": "seen", "source": "https://bsky.app/profile/bmannconsulting.com/post/3ljqgmukl722f", "content": "", "creation_timestamp": "2025-03-07T00:30:28.002637Z"}, {"uuid": "85fce25d-15b6-42f7-863f-82950dda760a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/itsec_news/4077", "content": "\u200b\u26a1\ufe0f9.4 \u0438\u0437 10: Mastodon \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u0437\u0430\u0445\u0432\u0430\u0442\u043e\u043c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432\n\n\ud83d\udcac \u0414\u0435\u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0441\u0435\u0442\u044c Mastodon \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0440\u0438\u0442\u0432\u043e\u0440\u044f\u0442\u044c\u0441\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b.\n\n\u00ab\u0418\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Mastodon \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u0432\u043e\u0439 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u043f\u043e\u0434 \u043b\u044e\u0431\u043e\u0439 \u0434\u0440\u0443\u0433\u043e\u0439\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u043a\u0440\u0430\u0442\u043a\u043e\u043c \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-23832 , \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,4 \u0438\u0437 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0445 10. \u0417\u0430 \u0435\u0451 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u0431\u044b\u043b \u043e\u0442\u043c\u0435\u0447\u0435\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434 \u043f\u0441\u0435\u0432\u0434\u043e\u043d\u0438\u043c\u043e\u043c \u00abarcanicanis\u00bb.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u00ab\u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u00bb ( origin validation error ), \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u043e, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u043b \u0431\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0435\u043c\u0443 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Mastodon \u0434\u043e 3.5.17, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 4.0.x \u0434\u043e 4.0.13, 4.1.x \u0434\u043e 4.1.13 \u0438 4.2.x \u0434\u043e 4.2.5.\n\nMastodon \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u0447\u0442\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0443\u0434\u0443\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e 15 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2024 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e\u0431\u044b \u0434\u0430\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f.\n\n\u00ab\u041b\u044e\u0431\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u0441\u0434\u0435\u043b\u0430\u043b\u043e \u0431\u044b \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u043e\u0447\u0435\u043d\u044c \u043f\u0440\u043e\u0441\u0442\u044b\u043c\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438.\n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 Mastodon \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 (\u0438\u043d\u0441\u0442\u0430\u043d\u0441\u0430\u0445), \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0438 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u0441\u0432\u043e\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0438 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u044b, \u0441\u043e\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 \u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c \u0443\u0440\u043e\u0432\u043d\u0435.\n\n\u042d\u0442\u043e \u0442\u0430\u043a\u0436\u0435 \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u0430\u0436\u0434\u044b\u0439 \u0438\u043d\u0441\u0442\u0430\u043d\u0441 \u0438\u043c\u0435\u0435\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434\u0435\u043a\u0441 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f, \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u0433\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u043a\u0430\u0436\u0434\u044b\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0438\u043d\u0441\u0442\u0430\u043d\u0441\u043e\u0432 \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u043f\u043e\u0447\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u043c\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Mastodon \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 ( CVE-2023-36460 \u0438 2023-36459 ), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-02-06T07:59:12.000000Z"}, {"uuid": "4ee85c00-718f-47ed-89d2-c6ee8f8d495d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23831", "type": "seen", "source": "https://gist.github.com/alon710/e37d2547f94caa98a9dc8481904a9195", "content": "", "creation_timestamp": "2026-01-24T21:22:47.000000Z"}, {"uuid": "655187c3-2fd7-455d-8d37-58822d9ff112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:12.000000Z"}, {"uuid": "4c895241-4124-4abe-8464-696283662a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23831", "type": "seen", "source": "https://gist.github.com/alon710/a9ecb519c88d3e48ea274150847b2f2a", "content": "", "creation_timestamp": "2026-01-24T22:18:23.000000Z"}, {"uuid": "8635abed-a2f3-4cb0-869c-deefd2f6f68f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23831", "type": "seen", "source": "https://gist.github.com/alon710/07ffe3f71eb5ee388c1afbc41406b2ab", "content": "", "creation_timestamp": "2026-01-24T22:18:20.000000Z"}, {"uuid": "37cc5b3b-34fd-43d2-9292-96cc33900f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23830", "type": "seen", "source": "https://t.me/arpsyndicate/3785", "content": "#ExploitObserverAlert\n\nCVE-2024-23830\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23830. MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.", "creation_timestamp": "2024-02-21T13:55:09.000000Z"}, {"uuid": "2347d7e6-3303-4b0a-b6b7-0d16b944980d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/freeosint/1858", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Mastodon \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0447\u0443\u0436\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c.\n\n\u0412 \u043a\u043e\u0434\u0435 \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441\u043d\u043e\u0439 \u0434\u0435\u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 Mastodon \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u043b\u044e\u0431\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0435\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-23832 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f (origin validation, CWE-346) \u0432 Mastodon, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0432\u0430\u0442\u044c \u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430\u043c\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 9,4 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Mastodon \u0434\u043e 3.5.17, 4.0.13, 4.1.13 \u0438 4.2.5.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 4.2.5, \u0434\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u0441\u0435\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Mastodon \u0442\u0435\u043f\u0435\u0440\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441\u0432\u043e\u0438\u0445 \u0438\u043d\u0441\u0442\u0430\u043d\u0441\u043e\u0432.\n\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Mastodon \u043f\u043e\u043a\u0430 \u0432\u043e\u0437\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043e\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u0443\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0431\u0430\u0433\u0430. \u00ab\u041b\u044e\u0431\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043c\u043e\u0433\u0443\u0442 \u0441 \u043b\u0435\u0433\u043a\u043e\u0441\u0442\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u00bb, \u2014 \u043f\u0438\u0448\u0443\u0442 \u043e\u043d\u0438. \u041e\u0434\u043d\u0430\u043a\u043e \u043e\u043d\u0438 \u043f\u043e\u043e\u0431\u0435\u0449\u0430\u043b\u0438 \u043f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e CVE-2024-23832 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438, \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442 \u043f\u0430\u0442\u0447\u0438.\n\n\u041e\u0442\u043c\u0435\u0447\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0440\u044f\u0434\u043e\u0432\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Mastodon \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0438\u0447\u0435\u0433\u043e, \u043d\u043e \u0438\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0438\u043d\u0441\u0442\u0430\u043d\u0441\u043e\u0432, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043d\u0438 \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u044e\u0442, \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u0434\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438. \u0412 \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0431\u0443\u0434\u0443\u0442 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0440\u0438\u0441\u043a\u0443 \u0432\u0437\u043b\u043e\u043c\u0430.\n\n\ud83d\udd17Links", "creation_timestamp": "2024-02-05T16:37:58.000000Z"}, {"uuid": "8f5084dd-bbd0-4446-98ae-8e8eb820d9fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/KomunitiSiber/1439", "content": "Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account\nhttps://thehackernews.com/2024/02/mastodon-vulnerability-allows-hackers.html\n\nThe decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account.\n\"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account,\" the maintainers said in a terse advisory.\nThe vulnerability, tracked as\u00a0CVE-2024-23832, has a severity rating of 9.4 out of", "creation_timestamp": "2024-02-03T08:37:54.000000Z"}, {"uuid": "58b1cc80-eaed-4702-8616-13a956489d0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "Telegram/9-lwg2GVev4VBQlgwZfMKGEJLaHd199Vz40pQQqSeH9dEw", "content": "", "creation_timestamp": "2024-02-03T08:15:32.000000Z"}, {"uuid": "af1075a7-30cc-4366-bf24-654f69c412b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23833", "type": "seen", "source": "https://t.me/ctinow/198797", "content": "https://ift.tt/J3BwlSe\nCVE-2024-23833 | OpenRefine prior 3.7.8 JDBC path traversal", "creation_timestamp": "2024-03-03T15:51:55.000000Z"}, {"uuid": "89344a52-319e-454e-b4a1-c3d9d38a33d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23837", "type": "seen", "source": "https://t.me/ctinow/207590", "content": "https://ift.tt/wZ4ChdT\nCVE-2024-23837 | OISF libhtp up to 0.5.45 HTTP Header allocation of resources", "creation_timestamp": "2024-03-14T10:21:21.000000Z"}, {"uuid": "f416e00a-5de7-4073-917e-34d5e7e296c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23839", "type": "seen", "source": "https://t.me/ctinow/207567", "content": "https://ift.tt/AyJOaVK\nCVE-2024-23839 | Suricata up to 7.0.2 Traffic use after free", "creation_timestamp": "2024-03-14T09:21:53.000000Z"}, {"uuid": "750c209d-50c4-4f9d-a7db-61d3d973d9c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23836", "type": "seen", "source": "https://t.me/ctinow/207566", "content": "https://ift.tt/w2ziqgu\nCVE-2024-23836 | Suricata up to 6.0.15/7.0.2 allocation of resources", "creation_timestamp": "2024-03-14T09:21:52.000000Z"}, {"uuid": "ed03c6d4-42fa-4f64-8bb4-860a4aeafc1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23835", "type": "seen", "source": "https://t.me/ctinow/207564", "content": "https://ift.tt/Y1AbKaN\nCVE-2024-23835 | Suricata up to 7.0.2 pgsql Parser resource consumption (GHSA-8583-353)", "creation_timestamp": "2024-03-14T09:21:50.000000Z"}, {"uuid": "586257c2-b5ae-4e8f-a0c5-309d13857a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23834", "type": "seen", "source": "https://t.me/ctinow/190643", "content": "https://ift.tt/b02ErCg\nCVE-2024-23834 | Discourse up to 3.1.4/3.2.0.beta4 cross site scripting (GHSA-rj3g-8q6p-63pc)", "creation_timestamp": "2024-02-22T11:37:05.000000Z"}, {"uuid": "420176a6-3a90-4e01-88ec-18882fabdc94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23830", "type": "seen", "source": "https://t.me/ctinow/189008", "content": "https://ift.tt/8TVIWck\nCVE-2024-23830", "creation_timestamp": "2024-02-20T23:27:07.000000Z"}, {"uuid": "3e8ba5de-bd37-4ecf-82b6-5df57ed5c831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23830", "type": "seen", "source": "https://t.me/ctinow/189000", "content": "https://ift.tt/8TVIWck\nCVE-2024-23830", "creation_timestamp": "2024-02-20T23:26:54.000000Z"}, {"uuid": "3746df4c-de01-40f9-a20b-cf79030a7491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/ctinow/192512", "content": "https://ift.tt/IowPLZ4\nCVE-2024-23832 | Mastodon up to 3.5.16/4.0.12/4.1.12/4.2.4 LDAP Authentication authentication spoofing", "creation_timestamp": "2024-02-24T09:41:18.000000Z"}, {"uuid": "8c35870b-c4e0-479c-a272-6f2c6f303912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/ctinow/179955", "content": "https://ift.tt/zgl04VR\nLagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)", "creation_timestamp": "2024-02-06T12:56:24.000000Z"}, {"uuid": "d9f5fa8f-f1bb-464e-b23c-bd1edb89bf1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/ctinow/177719", "content": "https://ift.tt/wEiG5Kh\nCVE-2024-23832", "creation_timestamp": "2024-02-01T18:21:47.000000Z"}, {"uuid": "e0c43a47-f8bf-4a2d-a2cf-b9bfec047430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23838", "type": "seen", "source": "https://t.me/ctinow/190545", "content": "https://ift.tt/BWQZDv3\nCVE-2024-23838 | TrueLayer prior 1.6.0 server-side request forgery", "creation_timestamp": "2024-02-22T09:07:36.000000Z"}, {"uuid": "ed1e5d4c-8e1e-431d-b6ed-345787ed34c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23833", "type": "seen", "source": "https://t.me/ctinow/183437", "content": "https://ift.tt/LHz0Kpn\nCVE-2024-23833", "creation_timestamp": "2024-02-12T22:31:27.000000Z"}, {"uuid": "b7f3d0be-d7e9-4cef-b9aa-a31f84ef8ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23834", "type": "seen", "source": "https://t.me/ctinow/176346", "content": "https://ift.tt/nEy7kli\nCVE-2024-23834", "creation_timestamp": "2024-01-30T23:26:28.000000Z"}, {"uuid": "754b0e87-b1af-44d2-a1f6-148d31c1a981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23838", "type": "seen", "source": "https://t.me/ctinow/176161", "content": "https://ift.tt/iCv5dUE\nCVE-2024-23838", "creation_timestamp": "2024-01-30T18:32:13.000000Z"}, {"uuid": "0bc6c605-d8e3-4c15-8323-3d5d05a9588d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23832", "type": "seen", "source": "https://t.me/thehackernews/4499", "content": "\u26a1 Mastodon users, beware! \n \nA critical security flaw (CVE-2024-23832) affecting the decentralized social network could allow attackers to impersonate and take over any account. \n \nFind details here \u2192 https://thehackernews.com/2024/02/mastodon-vulnerability-allows-hackers.html", "creation_timestamp": "2024-02-03T07:58:30.000000Z"}]}