Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9041
cve-2014-9041
owncloud
csrf
security vulnerability
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.4%
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
Affected configurations
Node
owncloudowncloudRange≤5.0.17
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
ORowncloudowncloudMatch5.0.14
ORowncloudowncloudMatch5.0.14a
ORowncloudowncloudMatch5.0.15
ORowncloudowncloudMatch5.0.16
ORowncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
ORowncloudowncloudMatch6.0.3
ORowncloudowncloudMatch6.0.4
ORowncloudowncloudMatch6.0.5
ORowncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
Related
owncloud
owncloud
Server: CSRF in "bookmarks" application
2014-11-25 15:00:00
CSRF in "bookmarks" application - ownCloud
2014-11-25 18:40:51
nvd
nvd
CVE-2014-9041
2015-02-04 18:59:01
CVE-2014-9042
2015-02-04 18:59:02
cvelist
cvelist
CVE-2014-9041
2015-02-04 18:00:00
CVE-2014-9042
2015-02-04 18:00:00
prion
prion
Cross site request forgery (csrf)
2015-02-04 18:59:00
Cross site scripting
2015-02-04 18:59:00
cve
cve
CVE-2014-9042
2015-02-04 18:59:02
nessus
nessus
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:190)
2015-04-03 00:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities -02 (Feb 2015)
2015-02-19 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:190 ] owncloud
2015-05-05 00:00:00
owncloud multiple security vulnerabilities
2015-05-05 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.4%
Related for CVE-2014-9041