this post was submitted on 10 Jul 2023
53 points (100.0% liked)
Depends on the exploit really, but if they have admin access they have access to the info in your profile, so probably know your email address. I don't know enough about the backend infra to be sure, but I doubt Lemmy stores passwords in plain text in DBs, etc. and although they have admin access, they probably don't have access to the DB (again, a bit unfamiliar with all possibilities, but typically the DB is on a separate container/host/service independent of the frontend).
Does anyone have a link for details on the hack/exploit?
https://github.com/LemmyNet/lemmy-ui/pull/1897
Stealing instance admin auth tokens via cross site injection into custom emoji title.
Thanks for the explanation!