ownCloud Multiple Cross Site Request Forgery Vulnerabilities
BID:58107
Info
| Bugtraq ID: | 58107 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-0299, CVE-2013-0300, CVE-2013-0301 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Feb 21 2013 12:00AM |
| Credit: | Reported by vendor. |
| Vulnerable: | ownCloud 4.5.2, ownCloud 4.5, ownCloud 4.0.9, ownCloud 4.0.7, ownCloud 4.0.6, ownCloud 4.0.5, ownCloud 4.0.4, ownCloud 4.5.6, ownCloud 4.5.5, ownCloud 4.0.3, ownCloud 4.0.2, ownCloud 4.0.11, ownCloud 4.0.10, ownCloud 4.0.1 |
| Not Vulnerable: | ownCloud 4.5.7, ownCloud 4.0.12 |
Discussion
ownCloud is prone to multiple cross-site request-forgery vulnerabilities because it fails to properly validate POST requests.
Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
These issues are fixed in ownCloud versions 4.0.12 and 4.5.7.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- ownCloud Homepage (ownCloud)
- ownCloud Security Advisories (oss-sec)
- Multiple CSRF vulnerabilities (oC-SA-2013-004) (ownCloud)