Lucene search

[email protected]CVE-2014-3836

HistoryJun 04, 2014 - 2:55 p.m.

CVE-2014-3836

2014-06-0414:55:04

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-3836

csrf

cross-site request forgery

owncloud server

xss

file modification

file renaming

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.

Affected configurations

NVD

Node

owncloudowncloudRange≤6.0.2

owncloudowncloudMatch6.0.0

owncloudowncloudMatch6.0.1

CPENameOperatorVersion
owncloud:owncloudowncloudle6.0.2
owncloud:owncloudowncloudeq6.0.0
owncloud:owncloudowncloudeq6.0.1

CPE	Name	Operator	Version
owncloud:owncloud	owncloud	le	6.0.2
owncloud:owncloud	owncloud	eq	6.0.0
owncloud:owncloud	owncloud	eq	6.0.1

References

owncloud.org/about/security/advisories/oc-sa-2014-014/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2014-3836

owncloud2 cvelist1 prion1 nvd1 ubuntucve1 openvas1