CVE-2014-3836Cross-Site Request Forgery in Owncloud

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 69.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedJun 4
Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDowncloud/owncloud_server6.0.0, 6.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-gc43-vv2m-8crq: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 62022-05-17
CVEList
CVE-2014-3836: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 62014-06-04
CVE-2014-3836 — Cross-Site Request Forgery in Owncloud | cvebase