漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"
Vulnerability Description
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Mastodon 授权问题漏洞
Vulnerability Description
Mastodon是Mastodon开源的一款基于ActivityPub的开源社交网络服务器。 Mastodon存在授权问题漏洞,该漏洞源于未批准用户可查看域阻止原因,影响不希望公开域阻止的实例管理员。
CVSS Information
N/A
Vulnerability Type
N/A