{"vulnerability": "cve-2022-48364", "sightings": [{"uuid": "4c5c3254-a439-4fec-9d14-bf3396ffb4d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48364", "type": "seen", "source": "Telegram/zvIrm9y4EJ-eIJ9mGhyJ-ioCdSG4IHPkk01zk7QpecsKfgKW", "content": "", "creation_timestamp": "2025-03-08T04:34:11.000000Z"}, {"uuid": "0d173da3-4523-460c-a389-6762abd4ffaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48364", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.\n\ud83d\udccf Published: 2023-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T20:02:21.461Z\n\ud83d\udd17 References:\n1. https://github.com/mastodon/mastodon/pull/18525\n2. https://github.com/mastodon/mastodon/compare/v3.5.2...v3.5.3\n3. https://github.com/40826d/advisories/blob/master/CVE-2022-48364/README.md\n4. https://github.com/mastodon/mastodon/blob/main/CHANGELOG.md#353---2022-05-26", "creation_timestamp": "2025-03-06T20:34:11.000000Z"}, {"uuid": "82b32c16-9717-4158-84f3-4079d9601bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48364", "type": "seen", "source": "https://t.me/cibsecurity/59480", "content": "\u203c CVE-2022-48364 \u203c\n\nThe undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T16:12:54.000000Z"}]}