CVE-2022-43679

Published: Nov 10, 2022Modified: May 1, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

Affected (1)

Products: Owncloud: Owncloud

Owncloud

1 product

Owncloud

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud	Up to 10.11.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://owncloud.com

Source: cve@mitre.org

ProductVendor Advisory

https://owncloud.com

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.