289

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING (social.wake.st)

submitted 1 year ago by liaizon@social.wake.st to c/fediverse@lemmy.ml

37 comments fedilink hide all child comments

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

Details:
https://lemmy.world/post/1293336

Lemmy.world was hacked and most Lemmy servers are still vulnerable to the exploit:
https://lemmy.world/post/1290412

[posted also to @fediverse]

you are viewing a single comment's thread
view the rest of the comments

[-] BlueEther@no.lastname.nz 3 points 1 year ago

The attack shouldn't have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.

There is a very small possibility that email address may have been able to be seen if they logged is as you, but they were looking for admin accounts

[-] Valmond@lemmy.ml 1 points 1 year ago

Anyone knows what maintainers should do to patch the vulnerability?

[-] BlueEther@no.lastname.nz 2 points 1 year ago

Been patched already in release 0.18.2-rc's

this post was submitted on 10 Jul 2023

289 points (97.7% liked)

Fediverse

17685 readers

8 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

founded 4 years ago

MODERATORS

deadsuperhero@lemmy.ml

wakest@lemmy.ml