5.3
CVE-2025-27399
- EPSS 0.24%
- Veröffentlicht 27.02.2025 18:15:30
- Zuletzt bearbeitet 24.06.2025 15:59:22
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginMastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Joinmastodon ≫ Mastodon Version < 4.1.23
Joinmastodon ≫ Mastodon Version >= 4.2.0 < 4.2.16
Joinmastodon ≫ Mastodon Version >= 4.3.0 < 4.3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.466 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.