VYPR
Unrated severity · NVD Advisory · Published Feb 27, 2025 · Updated Feb 27, 2025

Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

CVE-2025-27399

Description

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue.

Affected products

  • Mastodon/Mastodon (llm-fuzzy), 2 versions
    • (no CPE) range: <4.1.23 || <4.2.16 || <4.3.4
    • (no CPE) range: < 4.1.23
  • osv-coords
    Range: < 4.3.4
