Cross site request forgery (csrf)

2021-02-0919:15:00

PRIOn knowledge base

www.prio-n.com

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.

CPENameOperatorVersion
owncloudlt10.6.0

CPE	Name	Operator	Version
	owncloud	lt	10.6.0

References

owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/