Lucene search

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:B1402B69CE61145B7E62BF02F35AF07B

HistoryJan 06, 2016 - 6:55 p.m.

Reflected XSS in OCS provider discovery - ownCloud

2016-01-0618:55:54

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.

owncloud.org

0.001 Low

EPSS

Percentile

48.5%

JSON

A Cross-site scripting (XSS) vulnerability in the OCS discovery provider in ownCloud Servers allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting.

Since ownCloud employs a strict Content-Security-Policy that forbids inline script execution this bug is unlikely to be exploitable on recent browsers that support Content-Security-Policy. (Firefox >= 23, Chrome >= 25, Safari >= 7, Microsoft Edge)

Affected Software

ownCloud Server < 8.2.2 (CVE-2016-1498)
- core/cccf4b607340f52cd0e9301c6e2813c121f2c236
ownCloud Server < 8.1.5 (CVE-2016-1498)
- core/ada757317422ab9be36e10a7b9a2a5597063521f
ownCloud Server < 8.0.10 (CVE-2016-1498)
- core/1d650169804b37b7e9864c8032c67dd48c99d08d
ownCloud Server < 7.0.12 (CVE-2016-1498)
- core/85e068a723c09d0f01ab3e10aa6a3f6a8c4c3227

Action Taken

The vulnerable component is now properly sanitizing the output.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.

CPENameOperatorVersion
owncloud serverlt8.0.10
owncloud serverlt8.1.5
owncloud serverlt8.2.2
owncloud serverlt7.0.12

Name	Operator	Version
owncloud server	lt	8.0.10
owncloud server	lt	8.1.5
owncloud server	lt	8.2.2
owncloud server	lt	7.0.12

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for OWNCLOUD:B1402B69CE61145B7E62BF02F35AF07B

cvelist1 cve1 ubuntucve1 owncloud1 prion1 nvd1 openvas3 freebsd1 nessus1 mageia1