CSRF in appconfig.php - ownCloud

2012-07-10T17:16:52
ID OWNCLOUD:BE42C9D4123DBB3F386D269BF27D632C
Type owncloud
Reporter
Modified 2018-01-03T17:17:43

Description

Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
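The class of flaw described above, shown as an added example that is not ownCloud's code and does not reproduce the actual 4.0.7 fix, which this advisory does not describe. It contrasts a configuration-editing handler that trusts the administrator's session alone with one that also requires a per-session request token. All function names, array keys and sample values are hypothetical.

```php
<?php
// Added illustration, not ownCloud code; every name here is hypothetical.
declare(strict_types=1);

// Issue (or reuse) the per-session token that admin forms must echo back.
function issueRequestToken(array &$session): string
{
    if (!isset($session['requesttoken'])) {
        $session['requesttoken'] = bin2hex(random_bytes(32));
    }
    return $session['requesttoken'];
}

// Weak form: the session cookie is the only proof of intent, so a request
// the admin's browser was induced to send from another site is honoured.
function editAppConfigWeak(array $session, array $post, array &$config): bool
{
    if (empty($session['is_admin'])) {
        return false;
    }
    $config[$post['app']][$post['key']] = $post['value'];
    return true;
}

// Hardened form: the request must also carry the session's token, which a
// third-party page cannot read; the comparison is constant-time.
function editAppConfigChecked(array $session, array $post, array &$config): bool
{
    $expected = $session['requesttoken'] ?? '';
    $supplied = $post['requesttoken'] ?? '';
    if (empty($session['is_admin']) || !is_string($expected) || $expected === ''
        || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return false;
    }
    $config[$post['app']][$post['key']] = $post['value'];
    return true;
}

// Constructed sample data: an admin session and two POST bodies.
$session = ['is_admin' => true];
$token   = issueRequestToken($session);
$config  = [];
$forged  = ['app' => 'files', 'key' => 'enabled', 'value' => 'no']; // no token
$legit   = $forged + ['requesttoken' => $token];

var_dump(editAppConfigWeak($session, $forged, $config));    // weak handler, forged request
var_dump(editAppConfigChecked($session, $forged, $config)); // checked handler, forged request
var_dump(editAppConfigChecked($session, $legit, $config));  // checked handler, form-issued token
```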

Affected Software

  • ownCloud Server < 4.0.7 (CVE-2012-4391)

Action Taken

It is recommended that all instances be upgraded to ownCloud Server 4.0.7.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: