The vulnerability stems from the RequireAdminAuth middleware function in auth.go, which implemented a permissive CORS policy by setting Access-Control-Allow-Origin to whatever value the request's Origin header carried. Reflecting the Origin this way let a page on any origin issue authenticated admin requests with the browser's stored credentials. The fix in commit 9215d9b replaces the reflected value with the single fixed origin localhost:3000. The advisory's CWE-352 classification describes this as a CSRF vulnerability enabled by improper CORS handling in the authentication middleware.
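The following Go program is an added illustration of the pattern the advisory describes, not Owncast's own middleware: `vulnerableCORS` echoes the request's Origin back in Access-Control-Allow-Origin (with credentials allowed), while `hardenedCORS` only emits the header for an allowlisted origin. The handler names, the `/api/admin/status` path, the `allowedOrigins` map and the `probe` helper are assumptions made for the example; `probe` drives each middleware through `httptest` and returns the Allow-Origin value a browser would see.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// vulnerableCORS reconstructs the flawed policy described in the advisory
// (illustrative, not the project's actual code): whatever Origin the browser
// sends is echoed back together with Allow-Credentials, so JavaScript on any
// site can make credentialed requests to admin endpoints and read the replies.
func vulnerableCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := r.Header.Get("Origin"); origin != "" {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// allowedOrigins is an assumed allowlist holding only the single fixed origin
// the advisory says the patch trusts.
var allowedOrigins = map[string]bool{"http://localhost:3000": true}

// hardenedCORS emits CORS headers only for an allowlisted Origin. Any other
// origin gets no Allow-Origin header, so the browser blocks the cross-site
// read. Vary: Origin keeps caches from serving one origin's answer to another.
func hardenedCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
			w.Header().Add("Vary", "Origin")
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a request carrying the given Origin through mw and returns the
// Access-Control-Allow-Origin value in the response ("" when absent).
func probe(mw func(http.Handler) http.Handler, origin string) string {
	h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/admin/status", nil) // assumed path
	req.Header.Set("Origin", origin)
	h.ServeHTTP(rec, req)
	return rec.Result().Header.Get("Access-Control-Allow-Origin")
}

func main() {
	for _, o := range []string{"https://attacker.example", "http://localhost:3000"} {
		fmt.Printf("origin=%s vulnerable=%q hardened=%q\n",
			o, probe(vulnerableCORS, o), probe(hardenedCORS, o))
	}
}
```

Running it shows the difference directly: the attacker origin is reflected by the vulnerable middleware but receives no Allow-Origin header from the hardened one, while the allowlisted origin is accepted by both. Note that CORS only governs what a cross-origin script can read and which non-simple requests it may send; it does not stop the browser attaching cookies to a plain form POST, so admin endpoints still benefit from anti-CSRF tokens or SameSite cookies alongside a strict origin allowlist.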
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/owncast/owncast | go | <= 0.1.2 | 0.1.3 |