Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-04T21:14:53.350Z

Updated: 2024-08-02T13:51:38.946Z

Reserved: 2023-03-24T16:25:34.467Z

Link: CVE-2023-28853

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-04T22:15:08.087

Modified: 2024-11-21T07:56:09.700

Link: CVE-2023-28853

cve-icon Redhat

No data.