CVE-2022-48364
NixOS vulnerability analysis and mitigation

Overview

The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. The vulnerability was discovered on April 20, 2022 and patched in version 3.5.3 released on May 26, 2022 (Mastodon Changelog).

Technical details

The vulnerability stems from the undo_mark_statuses_as_sensitive method using @current_account.id instead of representative_account.id when calling UpdateStatusService. This implementation error causes the action to be recorded under the moderator's identity rather than the server's representative account, which is intended to anonymize moderator actions (GitHub Advisory). The vulnerability has a CVSS v3.1 Base Score of 4.3 MEDIUM (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) (NVD).

Impact

When a moderator approves an appeal of a post previously marked as sensitive, their identity would be exposed in the post's edit history, which is visible to anyone who can see the post. This breaks the intended anonymity of moderation actions and could potentially expose moderators to harassment or retaliation (GitHub Advisory).

Mitigation and workarounds

The vulnerability was fixed in Mastodon version 3.5.3. Server administrators should upgrade to version 3.5.3 or later to protect moderator identities. The fix involves using the server's representative account instead of the moderator's account when removing sensitive marking through appeal approval (GitHub Advisory).
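To make the defect and its fix concrete, here is an added, simplified Ruby model of the appeal-approval path; it is not Mastodon's own code. The Account, Status and UpdateStatusService stand-ins, the representative account's id and the attribute_to_representative switch are assumptions introduced for illustration; only the method name undo_mark_statuses_as_sensitive and the choice between @current_account.id and representative_account.id come from the advisory.

```ruby
# Added example, not Mastodon's own code: a simplified model of the
# CVE-2022-48364 defect. The account id that the appeal-approval path hands to
# UpdateStatusService is what ends up in the status's public edit history.

Account = Struct.new(:id, :username)

# Stand-in for the instance's representative account (constructed values):
# moderation edits are attributed to it so individual moderators stay anonymous.
REPRESENTATIVE_ACCOUNT = Account.new(-99, 'instance_actor')

# Minimal status: a sensitive flag plus an edit history recording who edited it.
class Status
  attr_reader :id, :sensitive, :edits

  def initialize(id, sensitive:)
    @id, @sensitive, @edits = id, sensitive, []
  end

  def apply_edit(account_id, sensitive:)
    @sensitive = sensitive
    @edits << { account_id: account_id, sensitive: sensitive }
  end
end

# Stand-in for UpdateStatusService: every edit is recorded under the id passed in.
class UpdateStatusService
  def call(status, account_id, sensitive:)
    status.apply_edit(account_id, sensitive: sensitive)
  end
end

# Stand-in for ApproveAppealService. attribute_to_representative: false
# reproduces the 3.5.x bug (@current_account.id); true is the 3.5.3 fix.
class ApproveAppealService
  def initialize(current_account, attribute_to_representative:)
    @current_account = current_account
    @attribute_to_representative = attribute_to_representative
  end

  def undo_mark_statuses_as_sensitive(statuses)
    # The vulnerable branch passes the moderator's own id into the edit history.
    actor_id = @attribute_to_representative ? REPRESENTATIVE_ACCOUNT.id : @current_account.id
    statuses.each { |status| UpdateStatusService.new.call(status, actor_id, sensitive: false) }
  end
end

# Audit check: does a status's edit history attribute any edit to the given moderator?
def leaks_moderator_identity?(status, moderator)
  status.edits.any? { |edit| edit[:account_id] == moderator.id }
end
```

The leaks_moderator_identity? check is the kind of audit an administrator can run over edit histories created before the upgrade, since the fix only changes attribution of new edits.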

This report was generated using AI.

