ownCloud up to 4.0.5 addBookmark.php cross-site request forgery

Summaryinfo

A vulnerability was found in ownCloud up to 4.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addBookmark.php. The manipulation results in cross-site request forgery. This vulnerability is known as CVE-2012-4393. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in ownCloud up to 4.0.5 (Cloud Software). Affected is some unknown processing of the file addBookmark.php. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. CWE is classifying the issue as CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.

The weakness was published 09/05/2012 (Website). The advisory is shared for download at github.com. This vulnerability is traded as CVE-2012-4393 since 08/21/2012. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available.

By approaching the search of inurl:addBookmark.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 4.0.4 eliminates this vulnerability.

Similar entries are available at VDB-62046, VDB-62045, VDB-62044 and VDB-62038. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Cloud Software

Name

• ownCloud

Version

• 3.0.0
• 3.0.1
• 3.0.2
• 3.0.3
• 4.0.0
• 4.0.1
• 4.0.2
• 4.0.3
• 4.0.4
• 4.0.5

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion