What is CVE-2023-42451?

CVE-2023-42451 is a high-severity vulnerability in Mastodon, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.4/10. Published 2023-09-19.

How severe is CVE-2023-42451?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Mastodon

CVE-2023-42451

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains the…

EPSS: 0.003 (54.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Mastodon — versions < 3.5.14, >= 4.0.0, < 4.0.10, >= 4.1.0, < 4.1.8

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667 (x_refsource_CONFIRM)
https://github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-42451?: CVE-2023-42451 is a high-severity vulnerability in Mastodon, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.4/10. Published 2023-09-19.
How severe is CVE-2023-42451?: High severity. CVSS v3 base score is 7.4 out of 10.