ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Owncloud |
|
Configuration 1 [-]
|
No data.
References
History
Mon, 31 Mar 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Owncloud owncloud Server
|
|
| CPEs | cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:* |
| Vendors & Products |
Owncloud owncloud Server
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T15:20:37.338Z
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-2048
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-03-14T16:55:05.457
Modified: 2025-04-12T10:46:40.837
Link: CVE-2013-2048
Redhat
No data.