ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING
Details:
https://lemmy.world/post/1293336
Lemmy.world was hacked and most Lemmy servers are still vulnerable to the exploit:
https://lemmy.world/post/1290412
[posted also to @fediverse]
ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING
Details:
https://lemmy.world/post/1293336
Lemmy.world was hacked and most Lemmy servers are still vulnerable to the exploit:
https://lemmy.world/post/1290412
[posted also to @fediverse]
The attack shouldn’t have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.
There is a very small possibility that email address may have been able to be seen if they logged is as you, but they were looking for admin accounts
Anyone knows what maintainers should do to patch the vulnerability?
Been patched already in release 0.18.2-rc’s