PT-2023-30044 · Owncast · Owncast

Published: 2023-11-27 · Updated: 2024-07-12 · CVE-2023-46480

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Owncast version 0.1.1

Description

The issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

Recommendations

For Owncast version 0.1.1, consider disabling the indieauth function until a patch is available to prevent exploitation. Avoid using the authHost parameter in the affected function to minimize the risk of arbitrary code execution and sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-46480
GHSA-392H-R46J-Q24P

Affected Products

Owncast