CVE-2013-6403
Published 2013-12-24
CVE-2013-6403: The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
Priority: P335 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.07% (79.0th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | owncloud | <= 5.0.12 | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6403 owncloud: possible security bypass on admin page (5.0.13)
bugzilla·2013-11-28·CVSS 6.8
ownCloud 5.0.13 fixes a possible security issue:
""
http://owncloud.org/changelog/
SECURITY: Fix a possible security bypass on admin page under certain circumstances and MariaDB
""
I do not know if this flaw affects the older versions in Fedora and EPEL.
Discussion:
Created owncloud tracking bugs for this issue:
Affects: fedora-all [bug 1035593]
Affects: epel-6 [bug 1035594]
---
CVE request: http://www.openwall.com/lists/oss-security/2013/11/28/5
---
F18 has 4.x but is EOL in a month, F19 and F20 are on 5.0.13 already (I'm about to send out 5.0.14a).
---
Sorry, I miscounted - F19 is still on 4.5.
Bugzilla
CVE-2013-6403 owncloud: possible security bypass on admin page (5.0.13) [fedora-all]
bugzilla·2013-11-28·CVSS 6.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this is
http://owncloud.org/changelog/
http://secunia.com/advisories/55792
http://www.openwall.com/lists/oss-security/2013/11/28/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/89323
Published: 2013-12-24