Post AW2q1cmOjpRlxuvSCG by Ryle@awoo.fyi
 (DIR) More posts by Ryle@awoo.fyi
 (DIR) Post #AW2q1cmOjpRlxuvSCG by Ryle@awoo.fyi
       2023-05-26T08:41:33.317969Z
       
       2 likes, 0 repeats
       
       Just to reassure local users, there has been a recent attack against other instances, a privilege escalation where attackers were able to acquire administrator oauth tokens through media attachments. Awoo is not vulnerable to this attack because we have a seperate media subdomain for our own hosted content that exists outside the content security policy of the root domain and for external media, we use a different domain all together.