CVE-2013-0301

Published: Mar 14, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

Affected (16)

Products: Owncloud: Owncloud, Owncloud Server

Owncloud

2 products

Owncloud

Owncloud Server

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud	Up to 4.0.11
Owncloud Owncloud Server	Version 3.0.0
Owncloud Owncloud Server	Version 3.0.1
Owncloud Owncloud Server	Version 3.0.2
Owncloud Owncloud Server	Version 3.0.3
Owncloud Owncloud Server	Version 4.0.0
Owncloud Owncloud Server	Version 4.0.10
Owncloud Owncloud Server	Version 4.0.1
Owncloud Owncloud Server	Version 4.0.2
Owncloud Owncloud Server	Version 4.0.3
Owncloud Owncloud Server	Version 4.0.4
Owncloud Owncloud Server	Version 4.0.5
Owncloud Owncloud Server	Version 4.0.6
Owncloud Owncloud Server	Version 4.0.7
Owncloud Owncloud Server	Version 4.0.8
Owncloud Owncloud Server	Version 4.0.9

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://owncloud.org/about/security/advisories/oC-SA-2013-004/

Source: secalert@redhat.com

Vendor Advisory

http://owncloud.org/about/security/advisories/oC-SA-2013-004/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.