CVE-2012-4392 — Improper Authentication in Server

CWE-287 — Improper Authentication3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 43.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedSep 5

Latest updateMay 17

Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDowncloud/owncloud_server4.0.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rv2q-w6gm-pjm2: index↗2022-05-17

▶

CVEList

CVE-2012-4392: index↗2012-09-05

▶