Lucene search

K
owncloudowncloud.orgOWNCLOUD:BE42C9D4123DBB3F386D269BF27D632C
HistoryJul 10, 2012 - 5:16 p.m.

CSRF in appconfig.php - ownCloud

2012-07-1017:16:52
owncloud.org
38

0.001 Low

EPSS

Percentile

47.5%

Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.

Affected Software

  • ownCloud Server < 4.0.7 (CVE-2012-4391)

Action Taken

It is recommended that all instances are upgraded to ownCloud Server 4.0.7.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

CPENameOperatorVersion
owncloud serverlt4.0.7

0.001 Low

EPSS

Percentile

47.5%

Related for OWNCLOUD:BE42C9D4123DBB3F386D269BF27D632C