Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted, decentralized, single-user live video streaming and chat server written in Go. CVE-2023-3188, labeled as an Unauthenticated Blind Server-Side Request Forgery (SSRF), could potentially allow unauthenticated attackers to exploit the Owncast server by … More
The post Owncast, EaseProbe security vulnerabilities revealed appeared first on Help Net Security.