Lucene search
OwnCloudOC-SA-2012-017HistoryJul 01, 2012 - 11:42 a.m.
Server: Several CSRF security fixes
2012-07-0111:42:22
owncloud.org
27
0.004 Low
EPSS
Percentile
72.3%
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use
- addBookmark.php in bookmarks/ajax/
- delBookmark.php in bookmarks/ajax/
- editBookmark.php in bookmarks/ajax/
- calendar/delete.php in calendar/ajax/
- calendar/edit.php in calendar/ajax/
- calendar/new.php in calendar/ajax/
- calendar/update.php in calendar/ajax/
- event/delete.php in calendar/ajax/
- event/edit.php in calendar/ajax/
- event/move.php in calendar/ajax/
- event/new.php in calendar/ajax/
- import/import.php in calendar/ajax/
- settings/setfirstday.php in calendar/ajax/
- settings/settimeformat.php in calendar/ajax/
- share/changepermission.php in calendar/ajax/
- share/share.ph in calendar/ajax/
- share/unshare.php in calendar/ajax/
- external/ajax/setsites.php in apps/
- files/ajax/delete.php in apps/
- files/ajax/move.php in apps/
- files/ajax/newfile.php in apps/
- files/ajax/newfolder.php in apps/
- files/ajax/rename.php in apps/
- files_sharing/ajax/email.php in apps/
- files_sharing/ajax/setpermissions.php in apps/
- files_sharing/ajax/share.php in apps/
- files_sharing/ajax/toggleresharing.php in apps/
- files_sharing/ajax/togglesharewitheveryone.php in apps/
- files_sharing/ajax/unshare.php in apps/
- files_texteditor/ajax/savefile.php in apps/
- files_versions/ajax/rollbackVersion.php in apps/
- gallery/ajax/createAlbum.php in apps/
- gallery/ajax/sharing.php in apps/
- tasks/ajax/addtask.php in apps/
- tasks/ajax/addtaskform.php in apps/
- tasks/ajax/delete.php in apps/
- tasks/ajax/edittask.php in apps/
or administrators for requests that use
- changepassword.php in settings/ajax/
- creategroup.php in settings/ajax/
- createuser.php in settings/ajax/
- disableapp.php in settings/ajax/
- enableapp.php in settings/ajax/
- lostpassword.php in settings/ajax/
- removegroup.php in settings/ajax/
- removeuser.php in settings/ajax/
- setlanguage.php in settings/ajax/
- setloglevel.php in settings/ajax/
- setquota.php in settings/ajax/
- togglegroups.php in settings/ajax/
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.0.6 |
Related
owncloud
owncloud
Several CSRF security fixes - ownCloud
2012-07-01 17:19:52
Server: Auth bypass in index.php
2012-07-01 11:42:22
Auth bypass in index.php - ownCloud
2012-07-01 17:18:39
nvd
nvd
CVE-2012-4393
2012-09-05 23:55:02
CVE-2012-4752
2012-09-05 23:55:03
cve
cve
CVE-2012-4393
2022-10-03 16:15:32
CVE-2012-4752
2022-10-03 16:15:34
ubuntucve
ubuntucve
CVE-2012-4393
2012-09-05 00:00:00
CVE-2012-4752
2012-09-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2012-09-05 23:55:00
Code injection
2012-09-05 23:55:00
cvelist
cvelist
CVE-2012-4393
2022-10-03 16:15:32
CVE-2012-4752
2022-10-03 16:15:34
openvas
openvas
ownCloud < 4.0.6 Multiple Vulnerabilities (oC-SA-2012-016, oC-SA-2012-017)
2021-09-21 00:00:00