Kevin Beaumont on Nostr: I would strongly recommend all #Mastoadmin apply patches for #CVE202336460 #TootRoot ...
I would strongly recommend all #Mastoadmin apply patches for #CVE202336460 #TootRoot - i.e. get to the latest release.
I've done some surveying and a significant percentage of instances haven't patched, and this one is very likely to see in the wild exploitation.
Widespread exploitation across many instances is as simple as sending a single toot.
Published at 2023-07-07 11:18:46

Event JSON
{
"id": "47c3b79601b45c0652c90465f1f051190bd78ccc811a8170fa7b51b304c49ebe",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1688728726,
"kind": 1,
"tags": [
[
"e",
"a76e80dff07e8f9df53ec49999204f11ac33bc0b0d6bdb38da6d7e3596417db6",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"mastoadmin"
],
[
"t",
"cve202336460"
],
[
"t",
"tootroot"
],
[
"mostr",
"https://cyberplace.social/users/GossiTheDog/statuses/110672525851675852"
]
],
"content": "I would strongly recommend all #Mastoadmin apply patches for #CVE202336460 #TootRoot - i.e. get to the latest release.\n\nI've done some surveying and a significant percentage of instances haven't patched, and this one is very likely to see in the wild exploitation. \n\nWidespread exploitation across many instances is as simple as sending a single toot.",
"sig": "b6810e377f0ef975198914321552554220c6502bf8d678f43d4eebc1b015654f5b815ff38fe1c6b8bc6c008c44e691e7e5d72ffa0f629438992d9ac7253798f6"
}