Security Advisory

CVE-2023-28853

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-04 21:14:53

Last updated 2025-02-13 16:48:56

Assigner GitHub_M

State PUBLISHED

Description

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.

← Browse all CVEs View on cve.org ↗