Server: CSRF token leakage

2013-05-14T11:42:22
ID OC-SA-2013-027
Type owncloud
Reporter ownCloud
Modified 2013-05-14T11:42:22

Description

The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.


For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0