Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2024-29026 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-29026

CVE-2024-29026

HIGH8.2

Owncast cross origin request

Published Mar 20, 2024

Modified 1 years ago

Details

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.

References

https://github.com/owncast/owncast/blob/v0.1.2/router/middleware/auth.go#L32

https://github.com/owncast/owncast/commit/9215d9ba0f29d62201d3feea9e77dcd274581624

https://securitylab.github.com/advisories/GHSL-2023-261_Owncast/

https://www.cve.org/CVERecord?id=CVE-2024-29026

CVSS Analysis

CVSS v3.1

8.2

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

HighI:H

Availability

NoneA:N

8.2/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Weakness Type (CWE)

Authentication

Cross-Site Request Forgery (CSRF)

Other

Ecosystems

Timeline

PublishedMar 20, 2024

ModifiedAug 2, 2024