CVE-2013-2047 — Owncloud vulnerability

CWE-2644 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedMar 14

Latest updateMay 17

Description

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1

▶NVDowncloud/owncloud5.0.5

▶NVDowncloud/owncloud_server5 versions+4

Patches

Patch: owncloud.org ↗Patch: owncloud.org ↗

🔴Vulnerability Details

GHSA

GHSA-ghx4-6p9g-2pf5: The login page (aka index↗2022-05-17

▶

OSV

CVE-2013-2047: The login page (aka index↗2014-03-14

▶

CVEList

CVE-2013-2047: The login page (aka index↗2014-03-14

▶