CVE-2013-2048Owncloud vulnerability

CWE-2645 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 46.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1
NVDowncloud/owncloud_server5 versions+4

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

3
GHSA
GHSA-wq9j-6h98-5f7j: ownCloud before 52022-05-17
CVEList
CVE-2013-2048: ownCloud before 52014-03-14
OSV
CVE-2013-2048: ownCloud before 52014-03-14

💥Exploits & PoCs

1
Exploit-DB
Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)2012-12-09
CVE-2013-2048 — Owncloud vulnerability | cvebase