Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9041
cve-2014-9041
owncloud
csrf
security vulnerability
nvd
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.2%
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
Affected configurations
Node
owncloudowncloudRange≤5.0.17
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
ORowncloudowncloudMatch5.0.14
ORowncloudowncloudMatch5.0.14a
ORowncloudowncloudMatch5.0.15
ORowncloudowncloudMatch5.0.16
ORowncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
ORowncloudowncloudMatch6.0.3
ORowncloudowncloudMatch6.0.4
ORowncloudowncloudMatch6.0.5
ORowncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
Related
owncloud
owncloud
CSRF in "bookmarks" application - ownCloud
2014-11-25 18:40:51
Server: CSRF in "bookmarks" application
2014-11-25 15:00:00
prion
prion
Cross site request forgery (csrf)
2015-02-04 18:59:00
Cross site scripting
2015-02-04 18:59:00
cvelist
cvelist
CVE-2014-9041
2015-02-04 18:00:00
CVE-2014-9042
2015-02-04 18:00:00
nvd
nvd
CVE-2014-9041
2015-02-04 18:59:01
CVE-2014-9042
2015-02-04 18:59:02
cve
cve
CVE-2014-9042
2015-02-04 18:59:02
securityvulns
securityvulns
[ MDVSA-2015:190 ] owncloud
2015-05-05 00:00:00
owncloud multiple security vulnerabilities
2015-05-05 00:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities -02 (Feb 2015)
2015-02-19 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:190)
2015-04-03 00:00:00
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.2%
Related for CVE-2014-9041