{
  "id": "CVE-2022-46405",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-12-04T04:15:09.380",
  "lastModified": "2024-11-21T07:30:32.440",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages."
    },
    {
      "lang": "es",
      "value": "Mastodon hasta 4.0.2 permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) (gran cola de extracci\u00f3n de Sidekiq) mediante la creaci\u00f3n de cuentas de bot que siguen cuentas controladas por el atacante en ciertos otros servidores asociados con un registro DNS A comod\u00edn, de modo que existe una recursi\u00f3n incontrolada de mensajes generados por el atacante."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.0.2",
              "matchCriteriaId": "11AE4FBF-5DF3-49F0-AAF4-6EB04F94C222"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://borg.social/notes/98bcoo2t1n",
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://hackmd.io/rD9nsTz1QeuPT-erxqjY-A",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://borg.social/notes/98bcoo2t1n",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://hackmd.io/rD9nsTz1QeuPT-erxqjY-A",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}