CVE-2013-2086Sensitive Information Exposure in Server

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1
NVDowncloud/owncloud_server6 versions+5

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

3
GHSA
GHSA-h6hw-v9wj-v784: The configuration loader in ownCloud 52022-05-17
OSV
CVE-2013-2086: The configuration loader in ownCloud 52014-03-14
CVEList
CVE-2013-2086: The configuration loader in ownCloud 52014-03-14
CVE-2013-2086 — Sensitive Information Exposure | cvebase