CVE-2014-2048Improper Access Control in Owncloud

CWE-284Improper Access Control4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.8%
top 25.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud
Timeline
PublishedMar 26
Latest updateMay 14

Description

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDowncloud/owncloud< 5.0.15

🔴Vulnerability Details

2
GHSA
GHSA-rhgq-55hv-mq4c: The user_openid app in ownCloud Server before 52022-05-14
CVEList
CVE-2014-2048: The user_openid app in ownCloud Server before 52018-03-26

💥Exploits & PoCs

1
Exploit-DB
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection2014-10-06
CVE-2014-2048 — Improper Access Control in Owncloud | cvebase