Server: CSRF token leakage

ID OC-SA-2013-027
Type owncloud
Reporter ownCloud
Modified 2013-05-14T11:42:22


The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0