ownCloud XSS and CSRF Protection Bypass Vulnerabilities (Mar 2018) - Linux

2018-03-2300:00:00

plugins.openvas.org

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.5%

JSON

ownCloud is prone to XSS and CSRF vulnerabilities.

# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:owncloud:owncloud";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.813054");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2014-1665");
  script_tag(name:"cvss_base", value:"3.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-04-13 16:26:00 +0000 (Fri, 13 Apr 2018)");
  script_tag(name:"creation_date", value:"2018-03-23 12:50:26 +0530 (Fri, 23 Mar 2018)");
  script_name("ownCloud XSS and CSRF Protection Bypass Vulnerabilities (Mar 2018) - Linux");

  script_tag(name:"summary", value:"ownCloud is prone to XSS and CSRF vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to an insufficient
  validation of user supplied input for the 'filename' while uploading file.");

  script_tag(name:"impact", value:"Successfully exploitation will allow remote
  attackers to conduct an XSS attack when the victim tries to either view the
  contents of the file or delete the file. If the victim is an ownCloud
  administrator, an attacker can force the mounting of the webserver's local
  file system, leading to unauthorized access to server resources and potentially
  shell access.");

  script_tag(name:"affected", value:"ownCloud version 6.0.0a.");

  script_tag(name:"solution", value:"Update to version 6.0.1 or later.
  If upgrading is not an option, then the file can be removed by either
  1) manually removing the file from the disk via command line interface, or
  2) first renaming the file to something else and then deleting the file.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/31427");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65457");
  script_xref(name:"URL", value:"https://packetstormsecurity.com/files/125086");
  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_dependencies("gb_owncloud_http_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("owncloud/detected", "Host/runs_unixoide");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(vers == "6.0.0a") {
  report = report_fixed_ver(installed_version:vers, fixed_version: "6.0.1 or later", install_path:path);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);