CVE-2024-31450

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31450
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3.

2.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63
https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e
https://github.com/owncast/owncast/releases/tag/v0.1.3
https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/
Configurations

No configuration.

History

22 Apr 2024, 13:28

Type Values Removed Values Added
Summary
  • (es) Owncast es un servidor de chat y transmisión de video en vivo de código abierto, autohospedado, descentralizado y de un solo usuario. La aplicación Owncast expone una API de administrador en la URL /api/admin. El endpoint emoji/eliminar de dicha API permite a los administradores eliminar emojis personalizados, que se guardan en el disco. El nombre del parámetro se toma de la solicitud JSON y se agrega directamente a la ruta del archivo que apunta al emoji que se eliminará. Al utilizar secuencias de path traversal (../), los atacantes con privilegios administrativos pueden aprovechar este endpoint para eliminar archivos arbitrarios en el sistema, fuera del directorio emoji. Esta vulnerabilidad se solucionó en 0.1.3.

19 Apr 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-19 19:15

Updated : 2024-04-22 13:28

NVD link : CVE-2024-31450

Mitre link : CVE-2024-31450

CVE.ORG link : CVE-2024-31450

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')