CVE-2023-3188
published 2023-06-10

CVE-2023-3188: Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.

Priority: P3 (42)
Severity: medium, CVSS 3.1 base score 6.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
Exploit: EPSS 1.36% (68.2nd percentile)

Affected (2 ranges)

Vendor            Product           Version range              Fixed in
owncast           owncast_owncast   >= unspecified, < 0.1.0    0.1.0
owncast_project   owncast           < 0.1.0                    0.1.0

Detection & IOCs (extracted from sources)

url: POST /api/remotefollow HTTP/1.1
path: /api/remotefollow
  • The SSRF is triggered by a POST request to /api/remotefollow with a crafted 'account' parameter whose domain part is attacker-controlled (for example an OOB/interactsh hostname). Monitor for outbound HTTP and DNS requests from the Owncast server process that follow such requests.
  • A request that reaches the vulnerable handler returns a JSON body (Content-Type: application/json) containing both a "success" and a "message" key. That response shape is a weak indicator on its own, since the same structure can be returned for legitimate remote-follow requests; pair it with the outbound-traffic check. Alert on POST /api/remotefollow requests whose account field names an internal host (loopback, RFC 1918, link-local, cloud metadata) or an unexpected external host.
  • The vulnerability is unauthenticated (PR:N): no authentication headers are needed to reach the remotefollow endpoint.
  • Treat an OOB interaction over HTTP or DNS as confirmation of a successful SSRF.
  • Affected versions are Owncast prior to 0.1.0; upgrading to 0.1.0 or later mitigates the issue. The /api/remotefollow path also exists in fixed releases, where it backs the normal remote-follow feature, so the presence of the endpoint is not by itself evidence of a vulnerable instance; check the reported version instead.
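The detection logic above, as an added example that is not part of this page's sources or of Owncast's own code: it scans request log lines for POST /api/remotefollow, pulls the server part out of the 'account' handle, and separates internal targets (loopback, private, link-local, unspecified, localhost) from external ones. The log line format (method, path, JSON body on one line), the assumption that the body is a JSON object with an account field, and all sample lines are constructed for this example; no hostnames are resolved, so a DNS name that points at an internal address is reported as external.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Constructed sample request log lines (method, path, body); not taken from any
// real Owncast deployment. Body format is an assumption of this example.
var sampleLog = []string{
	`POST /api/remotefollow {"account":"alice@mastodon.example"}`,
	`POST /api/remotefollow {"account":"@bob@127.0.0.1:8080"}`,
	`POST /api/remotefollow {"account":"x@169.254.169.254"}`,
	`POST /api/remotefollow {"account":"test@abcd1234.oast.example"}`,
	`GET /api/status`,
	`POST /api/remotefollow {"account":""}`,
	`POST /api/remotefollow not-json`,
}

// Finding is one flagged remote-follow request.
type Finding struct {
	Line     string
	Host     string
	Internal bool // loopback/private/link-local/unspecified target: high-signal SSRF indicator
}

// hostFromAccount returns the server part of a fediverse handle such as
// "user@host" or "@user@host". A bare value with no "@" is treated as a host,
// because an attacker need not supply a user part (detection assumption).
func hostFromAccount(account string) (string, bool) {
	account = strings.TrimSpace(strings.TrimPrefix(account, "@"))
	if account == "" {
		return "", false
	}
	host := account
	if at := strings.LastIndex(account, "@"); at >= 0 {
		host = account[at+1:]
	}
	host = strings.ToLower(host)
	return host, host != ""
}

// isInternalHost reports whether host (optionally host:port) is a literal IP in a
// loopback, private, link-local or unspecified range, or a localhost name.
// Hostnames are not resolved, so a negative result only means "not a literal
// internal address"; resolve and re-check before trusting it.
func isInternalHost(host string) bool {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.Trim(host, "[]")
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return true
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false
	}
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified()
}

// Scan flags every POST /api/remotefollow whose JSON body carries an account
// value from which a target host can be extracted.
func Scan(lines []string) []Finding {
	var findings []Finding
	for _, line := range lines {
		parts := strings.SplitN(line, " ", 3)
		if len(parts) < 3 || parts[0] != "POST" || parts[1] != "/api/remotefollow" {
			continue
		}
		var body struct {
			Account string `json:"account"`
		}
		if err := json.Unmarshal([]byte(parts[2]), &body); err != nil {
			continue // malformed body: nothing to extract a target host from
		}
		host, ok := hostFromAccount(body.Account)
		if !ok {
			continue
		}
		findings = append(findings, Finding{Line: line, Host: host, Internal: isInternalHost(host)})
	}
	return findings
}

func main() {
	for _, f := range Scan(sampleLog) {
		sev := "info"
		if f.Internal {
			sev = "HIGH"
		}
		fmt.Printf("[%s] remotefollow target %s  <- %s\n", sev, f.Host, f.Line)
	}
}
```

External targets are reported at informational level only, since a legitimate remote follow also names an external server; the high-signal cases are internal addresses and, in a real pipeline, hosts that match your own OOB/interactsh domains or that the server is never expected to contact.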

CVSS provenance

nvd  v3.1  6.5  MEDIUM  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd  v3.0  8.3  HIGH    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L