CVE-2025-27399 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is se…
Medium CVSS: 5.3

CVE-2025-27399

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue.
Vendor
Joinmastodon
Product
Mastodon
CWE
CWE-200
Yayın Tarihi
2025-02-27 18:15:30
Güncelleme
2025-06-24 15:59:22
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-200 Mastodon MEDIUM Joinmastodon 2025

Referanslar

https://github.com/mastodon/mastodon/blob/93f0427b8a84faf68d5d02cdf9a26f98fae16f2b/app/controllers/api/v1/instances/domain_blocks_controller.rb#L33-L35 https://github.com/mastodon/mastodon/blob/93f0427b8a84faf68d5d02cdf9a26f98fae16f2b/app/controllers/api/v1/instances/domain_blocks_controller.rb#L49-L51 https://github.com/mastodon/mastodon/commit/6b519cfefa93a923b19d0f20c292c7185f8fd5f5 https://github.com/mastodon/mastodon/security/advisories/GHSA-94h4-fj37-c825