Lemmy.eus
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
wakest ⁂@social.wake.st to Fediverse@lemmy.ml · 2 years ago

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

message-square
message-square
37
fedilink
285
message-square

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

wakest ⁂@social.wake.st to Fediverse@lemmy.ml · 2 years ago
message-square
37
fedilink

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

Details:
https://lemmy.world/post/1293336

Lemmy.world was hacked and most Lemmy servers are still vulnerable to the exploit:
https://lemmy.world/post/1290412

[posted also to @fediverse]

  • alternative_be✅🖖🏻@todon.nl
    link
    fedilink
    arrow-up
    3    ·
    2 years ago

    @liaizon @fediverse I only joined a few days ago. I suppose this means I have to alter my password?

    • BlueÆther@no.lastname.nz
      link
      fedilink
      arrow-up
      3      ·
      2 years ago

      The attack shouldn’t have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.

      There is a very small possibility that email address may have been able to be seen if they logged is as you, but they were looking for admin accounts

      • Valmond@lemmy.ml
        link
        fedilink
        arrow-up
        1        ·
        2 years ago

        Anyone knows what maintainers should do to patch the vulnerability?

        • BlueÆther@no.lastname.nz
          link
          fedilink
          arrow-up
          2          ·
          2 years ago

          Been patched already in release 0.18.2-rc’s

    • CommunityLinkFixerBot@lemmings.worldB
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2      ·
      2 years ago

      Hi there! Looks like you linked to a Lemmy community using an URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !fediverse@lemmy.ml

Fediverse@lemmy.ml

fediverse@lemmy.ml

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.ml

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

  • What is the fediverse?
    • Short ver.
    • Full ver.
  • Fediverse Platforms
  • How to run your own community
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 4 users / day
  • 143 users / week
  • 481 users / month
  • 2.86K users / 6 months
  • 14 local subscribers
  • 19.4K subscribers
  • 1.47K Posts
  • 15.9K Comments
  • Modlog
  • mods:
  • Sean Tilley@lemmy.ml
  • wakest@lemmy.ml
  • BE: 0.19.7
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org