Lucene search
+L

27 matches found

Cvelist
Cvelist
added 2023/11/27 12:0 a.m.41 views

CVE-2023-46480

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function...

9.8AI score0.01619EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

OwnCast Security Breach

Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in OwnCast version v.0.1.1, which originated from a vulnerability that allows remote attackers to obtain sensitive information or execute arbitrary code vi...

9.8CVSS7.5AI score0.01619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.5 views

PT-2023-30044 · Owncast · Owncast

Name of the Vulnerable Software and Affected Versions: OwnCast version 0.1.1 Description: The issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. Recommendations: For OwnCast version 0.1.1, consider...

9.8CVSS8.2AI score0.01619EPSS
Exploits0References6
OSV
OSV
added 2023/11/27 12:0 a.m.34 views

CVE-2023-46480

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function...

9.8CVSS9.6AI score0.01619EPSS
Exploits0References4
Veracode
Veracode
added 2020/11/26 4:56 a.m.12 views

Authorization Bypass

datasetteindieauth is vulnerable to authorization bypass. The vulnerability exists because it does not check that the final me URL value returned by the authorization server belongs to the same domain as the initial value entered by the user, allowing an attacker to sign in using any IndieAuth...

4.2AI score
Exploits0
OSV
OSV
added 2020/11/24 9:21 p.m.8 views

GHSA-MJCR-RQJG-RHG3 Implementation trusts the "me" field returned by the authorization server without verifying it

Impact A malicious user can sign in as a user with any IndieAuth identifier. This is because the implementation does not verify that the final "me" URL value returned by the authorization server belongs to the same domain as the initial value entered by the user. Patches Version 1.1 fixes this...

6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/11/24 9:21 p.m.30 views

Implementation trusts the "me" field returned by the authorization server without verifying it

Impact A malicious user can sign in as a user with any IndieAuth identifier. This is because the implementation does not verify that the final "me" URL value returned by the authorization server belongs to the same domain as the initial value entered by the user. Patches Version 1.1 fixes this...

2.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder