CVE-2020-28644
The CVE-2020-28644 case involves ownCloud Core prior to 10.6, where CSRF protection for cookie-authenticated requests to some OCS API endpoints was improperly implemented. The root cause is a CSRF token check that does not correctly validate requests, as described in the vulnerability notes. The ...