Lucene search

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:91E1ED0CD00191A83BB9CBCCFB368A1E

HistoryFeb 20, 2013 - 5:30 p.m.

Multiple CSRF vulnerabilities - ownCloud

2013-02-2017:30:13

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.

owncloud.org

EPSS

0.001

Percentile

50.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via

the “lat” and “lng” POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ (CVE-2013-0299)
- Commits: 452a626 (stable45), 015ac6a (stable4)
- Risk: Negligible
- Note: Successful exploitation of this CSRF requires the “calendar” app to be enabled (enabled by default).
- Impact: An attacker may be able to change the timezone of the user.
the “timezonedetection” POST parameter to timezonedetection.php in /apps/calendar/ajax/settings/ (CVE-2013-0299)
- Commits: 452a626 (stable45) , 97d0cee (stable4)
- Risk: Negligible
- Note: Successful exploitation of this CSRF requires the “calendar” app to be enabled (enabled by default).
- Impact: An attacker may be able to disable or enable the automatic timezone detection.
the “admin_export” POST parameter to settings.php in /apps/admin_migrate/ (CVE-2013-0299)
- Commits: bc93744 (stable45), 28dc89e (stable4)
- Risk: Moderate
- Note: Successful exploitation of this CSRF requires the “admin_migrate” app to be enabled (disabled by default).
- Impact: An attacker may be able to import an user account.
the “operation” POST parameter to export.php in /apps/user_migrate/ajax/ (CVE-2013-0299)
- Commits: 2de405a (stable45), de9befd (stable4)
- Risk: Moderate
- Note: Successful exploitation of this CSRF requires the “user_migrate” app to be enabled (disabled by default).
- Impact: An attacker may be able to overwrite files of the logged in user.
multiple unspecified POST parameters to settings.php in /apps/user_ldap/ (CVE-2013-0299)
- Commits: 5ec272d (stable45), b966095 (stable4)
- Risk: High
- Note: Successful exploitation of this CSRF requires the “user_ldap” app to be enabled (disabled by default).
- Impact: An attacker may be able to change the authentication server URL.

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and all prior versions (except 4.0.x) allows remote attackers to hijack the authentication for users via

the “v” POST parameter to changeview.php in /apps/calendar/ajax/ (CVE-2013-0300)
- Commits: 452a626 (stable45)
- Risk: Negligible
- Note: Successful exploitation of this CSRF requires the “calendar” app to be enabled (enabled by default).
- Impact: An attacker may be able to change the default view of an user.
multiple unspecified parameters to addRootCertificate.php, dropbox.php and google.php in /apps/files_external/ajax/ (CVE-2013-0300)
- Commits: 2e819d6 + 24a7381e9f (stable45)
- Risk: Medium
- Note: Successful exploitation of this CSRF requires the “files_external” app to be enabled (disabled by default).
- Impact: An attacker may be able to mount arbitrary Google Drive or Dropbox folders to the internal filesystem.
multiple unspecified POST parameters to settings.php in /apps/user_webdavauth/ (CVE-2013-0300)
- Commits: 9282641 (stable45)
- Risk: High
- Note: Successful exploitation of this CSRF requires the “user_webdavauth” app to be enabled (disabled by default).
- Impact: An attacker may be able to change the authentication server URL.

A cross-site request forgery (CSRF) vulnerability in ownCloud 4.0.11 and all prior versions allows remote attackers to hijack the authentication for users via

the “timezone” POST parameter to settimezone in /apps/calendar/ajax/settings/ (CVE-2013-0301)
- Commits: 97d0cee (stable4)
- Risk: Negligible
- Note: Successful exploitation of this CSRF requires the “calendar” app to be enabled (enabled by default).
- Impact: An attacker may be able to change the timezone of an user.