Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
History

Thu, 24 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-06T19:16:37.617Z

Updated: 2024-10-24T14:25:32.031Z

Reserved: 2023-06-21T18:50:41.699Z

Link: CVE-2023-36462

cve-icon Vulnrichment

Updated: 2024-08-02T16:45:57.097Z

cve-icon NVD

Status : Modified

Published: 2023-07-06T20:15:09.423

Modified: 2024-11-21T08:09:45.740

Link: CVE-2023-36462

cve-icon Redhat

No data.