Vulnerabilities > CVE-2023-46480 - Server-Side Request Forgery (SSRF) vulnerability in Owncast Project Owncast 0.1.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

owncast-project

CWE-918

critical

NVD

Published: 2023-11-27

Updated: 2023-12-01

Summary

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

Vulnerable Configurations

Part	Description	Count
Application	Owncast_Project Owncast Project Owncast 0.1.1	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/owncast/owncast
https://github.com/shahzaibak96/CVE-2023-46480