Joined 1Y ago
Cake day: Jun 17, 2023


I see a new lemmy-ui Docker image was pushed an hour ago, tagged 0.18.2-rc.1. Anyone know if it fixed the issue?

Edit: yep, it’s fixed: https://github.com/LemmyNet/lemmy-ui/commit/e80bcf53acb8ce25ed5ef6b7eb16b90f0b07e8f1


XSS is a blanket term for vulnerabilities that allow attackers to inject client-side scripts. Looks like someone has already identified it and submitted a pull request that contains a fix: https://github.com/LemmyNet/lemmy-ui/pull/1897/files


You would think an admin account would have 2FA enabled (unless the hack was due to a security issue in Lemmy itself, but it doesn’t seem to be the case).


It seems the database and the server itself are not compromised? Just an admin account that was used to post a markdown XSS exploit?