CVE-2012-4393
Published Sep 5, 2012
Last updated 11 years ago
Overview
- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1FA4A92-1FE7-4E83-B951-F33B0569835B",
"versionEndIncluding": "4.0.5"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0"
}
],
"operator": "OR"
}
]
}
]