CVE-2013-0301

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.0.12

Description A cross-site request forgery issue exists, allowing remote attackers to hijack user authentication for requests that change the timezone via the timezone parameter in the "apps/calendar/ajax/settings/settimezone" endpoint.

Recommendations For versions prior to 4.0.12, update to version 4.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "apps/calendar/ajax/settings/settimezone" endpoint to minimize the risk of exploitation. Avoid using the timezone parameter in the affected endpoint until the issue is resolved.