Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2013-2048
cve-2013-2048
owncloud
permissions
remote attackers
csrf
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
Affected configurations
Node
owncloudowncloudRange≤5.0.5
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
Related
owncloud
owncloud
Server: Privilege escalation and CSRF in the API
2013-05-14 11:42:22
Privilege escalation and CSRF in the API - ownCloud
2013-05-14 18:12:19
ubuntucve
ubuntucve
CVE-2013-2048
2014-03-14 00:00:00
cvelist
cvelist
CVE-2013-2048
2014-03-14 16:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-14 16:55:00
nvd
nvd
CVE-2013-2048
2014-03-14 16:55:05
openvas
openvas
ownCloud Multiple Vulnerabilities - 01 (May 2014)
2014-05-06 00:00:00
freebsd
freebsd
owncloud -- Multiple security vulnerabilities
2013-05-14 00:00:00
nessus
nessus
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%
Related for CVE-2013-2048