CVE-2013-2044Improper Input Validation in Owncloud

CWE-20Improper Input Validation4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 54.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1
NVDowncloud/owncloud_server5 versions+4

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

3
GHSA
GHSA-3p9w-w3g3-89rg: Open redirect vulnerability in the Login Page (index2022-05-17
CVEList
CVE-2013-2044: Open redirect vulnerability in the Login Page (index2014-03-14
OSV
CVE-2013-2044: Open redirect vulnerability in the Login Page (index2014-03-14
CVE-2013-2044 — Improper Input Validation in Owncloud | cvebase