CVE-2013-0299Cross-Site Request Forgery in Owncloud

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 69.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 5

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export para

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDowncloud/owncloud_server22 versions+21
NVDowncloud/owncloud4.0.11

🔴Vulnerability Details

2
GHSA
GHSA-x92g-43qc-p6jq: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 42022-05-05
CVEList
CVE-2013-0299: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 42014-03-14
CVE-2013-0299 — Cross-Site Request Forgery in Owncloud | cvebase