Lucene search
OwnCloudOWNCLOUD:D78CD197C02B7BECCE9C23DBB3215C6EHistoryOct 18, 2022 - 12:00 a.m.
URL spoofing in password reset mail - ownCloud
2022-10-1800:00:00
owncloud.com
19
url spoofing
owncloud
password reset
software
misconfiguration
docker image
trusted domains
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
31.5%
The docker image of the ownCloud server contained a misconfiguration which rendered the ‘trusted_domains’ config useless. This could be abused to spoof the URL in password reset mails.
Affected configurations
Node
dockerstorm_docker_imageRange≤10.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server docker image | le | 10.11 |
Related
nvd
nvd
CVE-2022-43679
2022-11-10 21:15:11
cvelist
cvelist
CVE-2022-43679
2022-11-10 00:00:00
cve
cve
CVE-2022-43679
2022-11-10 21:15:11
prion
prion
Design/Logic Flaw
2022-11-10 21:15:00
osv
osv
CVE-2022-43679
2022-11-10 21:15:11
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
31.5%
Related for OWNCLOUD:D78CD197C02B7BECCE9C23DBB3215C6E