// For flags

CVE-2013-0299

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php.

Múltiples vulnerabilidades de CSRF en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que (1) cambian la zona horaria para el usuario a través de los parámetros lat y lng hacia apps/calendar/ajax/settings/guesstimezone.php, (2) deshabilitan o habilitan la detección de zona horaria automatica a través del parámetro timezonedetection hacia apps/calendar/ajax/settings/timezonedetection.php, (3) importan cuentas de usuario a través del parámetro admin_export hacia apps/admin_migrate/settings.php, (4) sobreescriben archivos de usuario a través del parámetro operation hacia apps/user_migrate/ajax/export.php o (5) cambian la URL del servidor de autenticación a través de vectores no especificados hacia apps/user_ldap/settings.php.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-12-06 CVE Reserved
  • 2014-03-14 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
<= 4.0.11
Search vendor "Owncloud" for product "Owncloud" and version " <= 4.0.11"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
3.0.0
Search vendor "Owncloud" for product "Owncloud" and version "3.0.0"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
3.0.1
Search vendor "Owncloud" for product "Owncloud" and version "3.0.1"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
3.0.2
Search vendor "Owncloud" for product "Owncloud" and version "3.0.2"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
3.0.3
Search vendor "Owncloud" for product "Owncloud" and version "3.0.3"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.0
Search vendor "Owncloud" for product "Owncloud" and version "4.0.0"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.1
Search vendor "Owncloud" for product "Owncloud" and version "4.0.1"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.2
Search vendor "Owncloud" for product "Owncloud" and version "4.0.2"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.3
Search vendor "Owncloud" for product "Owncloud" and version "4.0.3"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.4
Search vendor "Owncloud" for product "Owncloud" and version "4.0.4"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.5
Search vendor "Owncloud" for product "Owncloud" and version "4.0.5"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.6
Search vendor "Owncloud" for product "Owncloud" and version "4.0.6"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.7
Search vendor "Owncloud" for product "Owncloud" and version "4.0.7"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.8
Search vendor "Owncloud" for product "Owncloud" and version "4.0.8"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.9
Search vendor "Owncloud" for product "Owncloud" and version "4.0.9"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.0.10
Search vendor "Owncloud" for product "Owncloud" and version "4.0.10"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.0
Search vendor "Owncloud" for product "Owncloud" and version "4.5.0"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.1
Search vendor "Owncloud" for product "Owncloud" and version "4.5.1"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.2
Search vendor "Owncloud" for product "Owncloud" and version "4.5.2"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.3
Search vendor "Owncloud" for product "Owncloud" and version "4.5.3"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.4
Search vendor "Owncloud" for product "Owncloud" and version "4.5.4"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.5
Search vendor "Owncloud" for product "Owncloud" and version "4.5.5"
-
Affected
Owncloud
Search vendor "Owncloud"
Owncloud
Search vendor "Owncloud" for product "Owncloud"
4.5.6
Search vendor "Owncloud" for product "Owncloud" and version "4.5.6"
-
Affected