CVE-2023-46480

CRITICAL

OwnCast 0.1.1 - Server-Side Request Forgery via indieauth authHost Parameter

Title source: llm

Description

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

References (2)

Core 2

Core References

Product

https://github.com/owncast/owncast

Third Party Advisory

https://github.com/shahzaibak96/CVE-2023-46480

Scores

CVSS v3 9.8

EPSS 0.0162

EPSS Percentile 73.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-918 CWE-94

Status published

Products (2)

owncast/owncast 0Go

owncast_project/owncast 0.1.1

Published Nov 27, 2023

Tracked Since Feb 18, 2026