CVE-2014-9041: Cross-Site Request Forgery in Owncloud

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.2% (top 60.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 4
Latest update: May 17

Description

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allows remote attackers to conduct CSRF attacks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: owncloud/owncloud_server (26 versions)
NVD: owncloud/owncloud 5.0.17

🔴 Vulnerability Details (2)

GHSA | GHSA-2qf9-7qgg-cxxh: The import functionality in the bookmarks application in ownCloud server before 5 | 2022-05-17
CVEList | CVE-2014-9041: The import functionality in the bookmarks application in ownCloud server before 5 | 2015-02-04
CVE-2014-9041 — Cross-Site Request Forgery in Owncloud | cvebase