CVE-2023-3188
Published 2023-06-10
Priority: P3 · 42 · medium · 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploit
EPSS: 1.36% (68.2th percentile)
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncast | owncast_owncast | >= unspecified < 0.1.0 | 0.1.0 |
| owncast_project | owncast | < 0.1.0 | 0.1.0 |
Detection & IOCs (extracted from sources)
- SSRF is triggered via a POST request to /api/remotefollow with a crafted 'account' parameter containing an attacker-controlled domain (e.g., OOB/interactsh URL). Monitor for outbound HTTP/DNS requests originating from the Owncast server process following such requests.
- A successful exploitation attempt returns a JSON response body containing both 'success":' and 'message":' keys with Content-Type application/json. Detect exploit attempts by alerting on POST /api/remotefollow requests where the account field contains an external or internal hostname.
- The vulnerability is unauthenticated (PR:N). No authentication headers are required to trigger the SSRF via the remotefollow endpoint.
- Confirm OOB interaction over both HTTP and DNS protocols as indicators of successful SSRF exploitation.
- Affected versions are Owncast prior to 0.1.0. The SSRF endpoint /api/remotefollow is only present in vulnerable versions; upgrading to 0.1.0+ mitigates the issue.
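The detection guidance above (alert on POST /api/remotefollow requests whose account field names an external or internal host) as an added Python example; this is not code from Owncast, from the Nuclei project or from this page's sources. It assumes a JSON-lines reverse-proxy or WAF log that records the submitted `account` form field (a constructed sample; stock access logs do not capture request bodies) and a constructed allowlist of hosts the instance is known to federate with. Internal addresses (loopback, RFC 1918, link-local such as cloud metadata endpoints) are rated high, unknown external hosts medium; upgrading to 0.1.0 remains the fix, this only surfaces attempts.

```python
"""Heuristic detector for CVE-2023-3188 exploitation attempts.

Flags POST /api/remotefollow requests whose 'account' value resolves to an
internal host (high) or to a host outside the trusted federation allowlist
(medium). Log format, field names and allowlist are constructed assumptions,
not Owncast's own.
"""
import ipaddress
import json
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample log (JSON lines). Assumes the proxy/WAF records the
# 'account' form field; real Owncast access logs do not include bodies.
SAMPLE_LOG = """
{"ts":"2023-06-11T10:00:01Z","src":"203.0.113.5","method":"POST","path":"/api/remotefollow","form":{"account":"alice@mastodon.social"}}
{"ts":"2023-06-11T10:00:07Z","src":"198.51.100.9","method":"POST","path":"/api/remotefollow","form":{"account":"test@oob.example"}}
{"ts":"2023-06-11T10:00:09Z","src":"198.51.100.9","method":"POST","path":"/api/remotefollow","form":{"account":"@admin@127.0.0.1"}}
{"ts":"2023-06-11T10:00:12Z","src":"198.51.100.9","method":"POST","path":"/api/remotefollow","form":{"account":"http://169.254.169.254/latest/meta-data/"}}
{"ts":"2023-06-11T10:00:15Z","src":"192.0.2.7","method":"GET","path":"/api/status","form":{}}
""".strip()

# Constructed allowlist: hosts this instance legitimately federates with.
TRUSTED_HOSTS = {"mastodon.social", "fosstodon.org"}

# Fediverse address forms: user@host or @user@host.
ADDRESS_RE = re.compile(r"^@?[^@/\s]+@([^\s/:]+)$")


def extract_host(account: str) -> Optional[str]:
    """Return the lower-cased host from a fediverse address or a URL, else None."""
    account = account.strip()
    m = ADDRESS_RE.match(account)
    if m:
        return m.group(1).lower()
    if "://" in account:
        host = urlsplit(account).hostname
        return host.lower() if host else None
    return None


def is_internal(host: str) -> bool:
    """True for loopback, private, link-local or reserved addresses and
    localhost-style names; none of these belong in a remote follow."""
    if host == "localhost" or host.endswith((".localhost", ".internal")):
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a DNS name, not a literal address
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def classify(event: dict) -> Optional[dict]:
    """Return an alert for a suspicious remotefollow request, or None."""
    if event.get("method") != "POST" or event.get("path") != "/api/remotefollow":
        return None
    account = (event.get("form") or {}).get("account", "")
    host = extract_host(account)
    if host is None:
        severity, reason = "low", "account value has no recognisable host"
    elif is_internal(host):
        severity, reason = "high", "account points at an internal host"
    elif host not in TRUSTED_HOSTS:
        severity, reason = "medium", "account points at an untrusted external host"
    else:
        return None
    return {"ts": event.get("ts"), "src": event.get("src"), "account": account,
            "host": host, "severity": severity, "reason": reason}


def scan(log_text: str) -> List[dict]:
    """Parse JSON-lines log text and collect alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['src']} -> {a['account']} ({a['reason']})")
```

The allowlist check is the noisy part: on an instance that federates widely, treat the medium tier as a hunting signal and the high tier (internal address literals, metadata endpoints) as the page-worthy alert, and pair either with the egress monitoring the first bullet recommends.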
CVSS provenance
- NVD v3.1: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
- NVD v3.0: 8.3 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)
No detection rules found.
Nuclei
CVE-2023-3188 [MEDIUM] Owncast - Server Side Request Forgery (nuclei · CVSS 6.5)
Template:
```yaml
id: CVE-2023-3188

info:
  name: Owncast - Server Side Request Forgery
  author: DhiyaneshDk
  severity: medium
  description: |
    Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
  impact: |
    Unauthenticated attackers can exploit SSRF through the account parameter in the remotefollow API to probe internal network services and potentially access sensitive internal resources.
  remediation: |
    Update Owncast to version 0.1.0 or later that validates federated account addresses and restricts remote follow requests to authorized domains only.
  reference:
    - https://owncast.online/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3188
```
classif