PT-2021-11570 · Owncloud · Owncloud

Alessandro Groppo

Published

2021-02-09

Updated

2021-02-16

CVE-2020-28644

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: ownCloud/core versions prior to 10.6

Description: The issue is related to an improper implementation of the CSRF token check on cookie authenticated requests against some ocs API endpoints.

Recommendations: For ownCloud/core versions prior to 10.6, update to version 10.6 or later to resolve the issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-28644

Affected Products

Owncloud

PT-2021-11570 · Owncloud · Owncloud

CVE-2020-28644

Weakness Enumeration

Related Identifiers

Affected Products

References · 3