CVE-2014-2050Cross-Site Request Forgery in Owncloud

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 51.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedJan 23
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDowncloud/owncloud_server6.0.06.0.2
NVDowncloud/owncloud< 5.0.15

🔴Vulnerability Details

2
GHSA
GHSA-64gx-5w65-vx94: Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 52022-05-17
CVEList
CVE-2014-2050: Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 52020-01-23

💬Community

1
Bugzilla
CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info2016-01-20
CVE-2014-2050 — Cross-Site Request Forgery in Owncloud | cvebase