CVE-2024-29026

Опубликовано: 20 мар. 2024

Источник: nvd

CVSS3: 8.2

CVSS3: 9.1

EPSS Низкий

Описание

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.

Ссылки

https://github.com/owncast/owncast/blob/v0.1.2/router/middleware/auth.go#L32
Product
https://github.com/owncast/owncast/commit/9215d9ba0f29d62201d3feea9e77dcd274581624
Patch
https://securitylab.github.com/advisories/GHSL-2023-261_Owncast/
Exploit
Third Party Advisory
https://github.com/owncast/owncast/blob/v0.1.2/router/middleware/auth.go#L32
Product
https://github.com/owncast/owncast/commit/9215d9ba0f29d62201d3feea9e77dcd274581624
Patch
https://securitylab.github.com/advisories/GHSL-2023-261_Owncast/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:owncast_project:owncast:*:*:*:*:*:*:*:*

Версия до 0.1.2 (включая)

EPSS

Процентиль: 35%

0.00142

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-v99w-r56h-g23v

CVSS3: 8.2

github

больше 1 года назад

Owncast Cross-Site Request Forgery vulnerability

EPSS

Процентиль: 35%

0.00142

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-352