cvedb.io
CVE-2022-48364
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2023-03-06T14:15:09.463 · Last modified 2026-06-17T05:15:15.733

Summary

The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.

Affected products

joinmastodon — mastodon

Does this affect you?

Add your gear to cvedb and we'll alert you only when joinmastodon ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.