Because the import functionality of the “bookmarks” application did not verify the CSRF token, it was vulnerable to CSRF attacks.
The “bookmarks” application is disabled by default.
An unauthenticated attacker could have used this to import bookmarks into the “bookmarks” application if the victim visited a specially crafted website while logged in to the ownCloud instance.
Furthermore, an unauthenticated attacker could combine this vulnerability with oC-SA-2014-028, resulting in a potential cross-site scripting vulnerability.
The import functionality now verifies the CSRF token.
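The following added example (not ownCloud's code) sketches the kind of check described above: an import handler that rejects the request before parsing the uploaded file unless it carries the token bound to the session. The function names, the `requesttoken` field name and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names; not ownCloud's code.

/** Issue (or reuse) the per-session token that the application's own forms echo back. */
function csrfToken(array &$session): string
{
    $session['csrf_token'] ??= bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** True only if the request carries the token bound to this session. */
function csrfTokenIsValid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['requesttoken'] ?? '';   // field name is an assumption
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);  // constant-time comparison
}

/** Minimal parser for the constructed sample: collect href values of <a> tags. */
function parseBookmarks(string $html): array
{
    preg_match_all('/<a\s[^>]*href="([^"]+)"/i', $html, $m);
    return $m[1];
}

/** Import handler; $verifyToken = false models the behaviour before the fix. */
function importBookmarks(array $session, array $post, string $html, bool $verifyToken): array
{
    if (empty($session['user'])) {
        return ['status' => 401, 'imported' => 0];   // not logged in
    }
    if ($verifyToken && !csrfTokenIsValid($session, $post)) {
        return ['status' => 403, 'imported' => 0];   // rejected before the file is parsed
    }
    return ['status' => 200, 'imported' => count(parseBookmarks($html))];
}

// Constructed sample data: a logged-in session and a one-entry bookmark file.
$session = ['user' => 'alice'];
$token   = csrfToken($session);
$file    = '<DL><DT><A HREF="https://example.org/">Example</A></DL>';
$foreign = [];                          // request from another origin: cookie sent, token unknown
$own     = ['requesttoken' => $token];  // request from the application's own form

foreach ([[false, $foreign], [true, $foreign], [true, $own]] as [$verify, $post]) {
    $r = importBookmarks($session, $post, $file, $verify);
    printf("verify=%s token=%s -> HTTP %d, imported %d\n",
        $verify ? 'on' : 'off', isset($post['requesttoken']) ? 'sent' : 'none', $r['status'], $r['imported']);
}
```

The token check runs before any parsing, so a rejected request never causes attacker-supplied bookmark data to be processed or stored.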
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | owncloud server | lt | 5.0.18 |
| | owncloud server | lt | 6.0.6 |
| | owncloud server | lt | 7.0.3 |