PT-2024-22679 · Owncast · Owncast
Kevin Stubbings +1 · Published 2024-03-20 · Updated 2025-10-14 · CVE-2024-29026
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Owncast versions 0.1.2 and prior
Description
Owncast is an open source, self-hosted, decentralized, single-user live video streaming and chat server. A lenient CORS policy allows attackers to make cross-origin requests and read privileged information, which can be used to leak the admin password.
Recommendations
For versions 0.1.2 and prior, update to a version that includes the fix from commit 9215d9ba0f29d62201d3feea9e77dcd274581624 to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.
Exploit
Fix
CSRF
Affected Products
Owncast