CVE-2023-3188: 
NixOS vulnerability analysis and mitigation

Server-Side Request Forgery (SSRF) vulnerability was discovered in GitHub repository owncast/owncast prior to version 0.1.0. This vulnerability allows unauthenticated attackers to exploit the Owncast server by forcing it to send HTTP requests to arbitrary locations using the GET HTTP method (NVD, Help Net Security).

The vulnerability has a CVSS v3.1 base score of 6.5 (MEDIUM) according to NVD, and 8.3 (HIGH) according to huntr.dev. The vulnerability allows attackers to specify arbitrary URL paths and query parameters in their requests. The issue was identified in the GetWebfingerLinks function of Owncast, where user-controlled input passed through the 'account' parameter is parsed as a URL, and subsequently, an HTTP request is issued to the specified host (Help Net Security).

The vulnerability enables unauthenticated attackers to force the Owncast server to make HTTP requests to arbitrary locations, potentially leading to unauthorized access to internal resources or services (NVD).

The vulnerability has been fixed in version 0.1.0 of Owncast. The fix involves disabling HTTP redirects to guard against possible SSRF attacks by implementing a custom HTTP client that does not follow redirections (GitHub Patch).