Mastodon Leaks Admin Search API Keys

This came specifically from the info sec.exchange instance where files uploaded to storage buckets were left unsecured and publicly accessible. This is one of those stories where a lot of this kind of went over my head like I know I kind of know what an API is and I know what admin capabilities are but a lot of the other details kind of go over my head. The types of apps that they found this vulnerability in include food and drink, education, fitness, photography, lifestyle, productivity, medical and business.

Transcript

Play full episode

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

Get the app