Server: CSRF in documents

2014-05-24T11:54:29
ID OC-SA-2014-014
Type owncloud
Reporter ownCloud
Modified 2014-05-24T11:54:29

Description

Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks.

An attacker could have used this to arbitrary modify existing files or rename it.


For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0