Lucene search
OwnCloudOC-SA-2014-027HistoryNov 25, 2014 - 3:00 p.m.
Server: CSRF in "bookmarks" application
2014-11-2515:00:00
owncloud.org
26
0.002 Low
EPSS
Percentile
52.4%
Due to not verifying the CSRF token on the import functionality of the “bookmarks” application, it was vulnerable against CSRF attacks.
The “bookmarks” application is disabled by default.
An unauthenticated attacker could have used this to import bookmarks into the “bookmarks” application if the victim visits a specially crafted website and is logged-in into the ownCloud instance at the same time.
Furthermore, an unauthenticated attacker could leverage this vulnerability with oC-SA-2014-028 resulting in a potential Cross-site scripting vulnerability.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.18 | |
| owncloud server | lt | 6.0.6 | |
| owncloud server | lt | 7.0.3 |
Related
owncloud
owncloud
CSRF in "bookmarks" application - ownCloud
2014-11-25 18:40:51
nvd
nvd
CVE-2014-9041
2015-02-04 18:59:01
CVE-2014-9042
2015-02-04 18:59:02
cve
cve
CVE-2014-9041
2015-02-04 18:59:01
CVE-2014-9042
2015-02-04 18:59:02
cvelist
cvelist
CVE-2014-9041
2015-02-04 18:00:00
CVE-2014-9042
2015-02-04 18:00:00
prion
prion
Cross site request forgery (csrf)
2015-02-04 18:59:00
Cross site scripting
2015-02-04 18:59:00
nessus
nessus
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:190)
2015-04-03 00:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities -02 (Feb 2015)
2015-02-19 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:190 ] owncloud
2015-05-05 00:00:00
owncloud multiple security vulnerabilities
2015-05-05 00:00:00