Owncloud · Owncloud · CVE-2020-28644
Name of the Vulnerable Software and Affected Versions:
ownCloud/core versions prior to 10.6
Description:
The issue is related to an improper implementation of the CSRF token check on cookie authenticated requests against some ocs API endpoints.
Recommendations:
For ownCloud/core versions prior to 10.6, update to version 10.6 or later to resolve the issue.