Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure, and an attacker can perform an LDAP injection attack to leak arbitrary attributes from the LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-04T21:14:53.350Z
Updated: 2024-08-02T13:51:38.946Z
Reserved: 2023-03-24T16:25:34.467Z
Link: CVE-2023-28853
Vulnrichment
No data.
NVD
Status: Modified
Published: 2023-04-04T22:15:08.087
Modified: 2024-11-21T07:56:09.700
Link: CVE-2023-28853
Redhat
No data.