CVE-2024-29026

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.
Configurations

No configuration.

History

20 Mar 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-20 22:15

Updated : 2024-03-21 12:58


NVD link : CVE-2024-29026

Mitre link : CVE-2024-29026

CVE.ORG link : CVE-2024-29026


JSON object : View

Products Affected

No product.

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-697

Incorrect Comparison