Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9041
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
52.4%
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
Affected configurations
Node
owncloudowncloudRange≤5.0.17
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
ORowncloudowncloudMatch5.0.14
ORowncloudowncloudMatch5.0.14a
ORowncloudowncloudMatch5.0.15
ORowncloudowncloudMatch5.0.16
ORowncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
ORowncloudowncloudMatch6.0.3
ORowncloudowncloudMatch6.0.4
ORowncloudowncloudMatch6.0.5
ORowncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| owncloud | owncloud | * | cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.0 | cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.1 | cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.2 | cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.3 | cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.4 | cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.5 | cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.6 | cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.7 | cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:* |
| owncloud | owncloud | 5.0.8 | cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:* |
Related
owncloud
owncloud
CSRF in "bookmarks" application - ownCloud
2014-11-25 18:40:51
Server: CSRF in "bookmarks" application
2014-11-25 15:00:00
cve
cve
CVE-2014-9041
2015-02-04 18:59:01
CVE-2014-9042
2015-02-04 18:59:02
cvelist
cvelist
CVE-2014-9041
2015-02-04 18:00:00
CVE-2014-9042
2015-02-04 18:00:00
prion
prion
Cross site request forgery (csrf)
2015-02-04 18:59:00
Cross site scripting
2015-02-04 18:59:00
nvd
nvd
CVE-2014-9042
2015-02-04 18:59:02
openvas
openvas
ownCloud Multiple Vulnerabilities -02 (Feb 2015)
2015-02-19 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:190 ] owncloud
2015-05-05 00:00:00
owncloud multiple security vulnerabilities
2015-05-05 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:190)
2015-04-03 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
52.4%
Related for NVD:CVE-2014-9041