6.8

CVE-2014-9041

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

Data is provided by the National Vulnerability Database (NVD)
OwncloudOwncloud Version <= 5.0.17
OwncloudOwncloud Server Version5.0.0
OwncloudOwncloud Server Version5.0.1
OwncloudOwncloud Server Version5.0.2
OwncloudOwncloud Server Version5.0.3
OwncloudOwncloud Server Version5.0.4
OwncloudOwncloud Server Version5.0.5
OwncloudOwncloud Server Version5.0.6
OwncloudOwncloud Server Version5.0.7
OwncloudOwncloud Server Version5.0.8
OwncloudOwncloud Server Version5.0.9
OwncloudOwncloud Server Version5.0.10
OwncloudOwncloud Server Version5.0.11
OwncloudOwncloud Server Version5.0.12
OwncloudOwncloud Server Version5.0.13
OwncloudOwncloud Server Version5.0.14
OwncloudOwncloud Server Version5.0.14 Updatea
OwncloudOwncloud Server Version5.0.15
OwncloudOwncloud Server Version5.0.16
OwncloudOwncloud Server Version6.0.0
OwncloudOwncloud Server Version6.0.1
OwncloudOwncloud Server Version6.0.2
OwncloudOwncloud Server Version6.0.3
OwncloudOwncloud Server Version6.0.4
OwncloudOwncloud Server Version6.0.5
OwncloudOwncloud Server Version7.0.0
OwncloudOwncloud Server Version7.0.1
OwncloudOwncloud Server Version7.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.18% 0.369
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.