Exploit Report

Computer Security And Bug Information

CVE-2024-25108

CVE: CVE-2024-25108
CVE Title
Published Date: 2024-02-12T20:15Z
Modified Date: 2024-02-12T20:39Z
CWE Type: CWE-285
Description: Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the server's ability to federate. Some user interaction is required to set up the conditions needed to exercise the vulnerability, but the attacker could conduct this attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Reference URL: https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf
Reference URL: https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037
Sources: NIST, MITRE
Note
  • No CVSS data for this CVE
