freebsd | FreeBSD | D7A43EE6-D2D5-11E2-9894-002590082AC6
May 14, 2013 - 12:00 a.m.

owncloud -- Multiple security vulnerabilities

2013-05-14 00:00:00
vuxml.freebsd.org

CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 61.4%

The ownCloud development team reports:

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections.
Credit to Mateusz Goik (aliantsoft.pl).
oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals.
Credit to Mateusz Goik (aliantsoft.pl).
oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities.
Credit to Mateusz Goik (aliantsoft.pl) and Kacper R. (http://devilteam.pl).
oC-SA-2013-022 / CVE-2013-2044: Open redirector.
Credit to Mateusz Goik (aliantsoft.pl).
oC-SA-2013-023 / CVE-2013-2047: Password autocompletion.
oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application.
Credit to Mateusz Goik (aliantsoft.pl).
oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API.
oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability.
oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage.
oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | owncloud | < 5.0.7 | UNKNOWN |
