PT-2012-4010 · Owncloud · Owncloud
Lukas Reschke
·
Publicado
2012-04-20
·
Atualizado
2025-03-31
·
CVE-2012-2397
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ownCloud versions prior to 3.0.3
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. This is achieved through vectors involving contacts.
Recommendations
For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to contact-related functionality until the update is applied.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Owncloud