Search criteria
2 vulnerabilities found for owncloud by kiteworks
CVE-2023-7273 (GCVE-0-2023-7273)
Vulnerability from cvelistv5 – Published: 2024-10-01 12:34 – Updated: 2024-10-01 13:16
VLAI
Title
Cross Site Request Forgery in Kiteworks OwnCloud
Summary
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/2041007 | issue-tracking |
| https://cirosec.de/sa/sa-2023-012 | third-party-advisory |
Impacted products
Date Public
2024-10-01 12:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiteworks:owncloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "owncloud",
"vendor": "kiteworks",
"versions": [
{
"lessThan": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:15:11.127537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:16:05.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OwnCloud",
"repo": "https://github.com/owncloud/core",
"vendor": "Kiteworks",
"versions": [
{
"lessThanOrEqual": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pascal Geuter \u003cpascal.geuter@cirosec.de\u003e"
}
],
"datePublic": "2024-10-01T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\u003cbr\u003eIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\nIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T12:34:10.481Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://hackerone.com/reports/2041007"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cirosec.de/sa/sa-2023-012"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to at least version 10.13"
}
],
"value": "Update to at least version 10.13"
}
],
"source": {
"advisory": "SA-2023-012",
"discovery": "EXTERNAL"
},
"title": "Cross Site Request Forgery in Kiteworks OwnCloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2023-7273",
"datePublished": "2024-10-01T12:34:10.481Z",
"dateReserved": "2024-08-05T10:46:30.916Z",
"dateUpdated": "2024-10-01T13:16:05.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7273 (GCVE-0-2023-7273)
Vulnerability from nvd – Published: 2024-10-01 12:34 – Updated: 2024-10-01 13:16
VLAI
Title
Cross Site Request Forgery in Kiteworks OwnCloud
Summary
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/2041007 | issue-tracking |
| https://cirosec.de/sa/sa-2023-012 | third-party-advisory |
Impacted products
Date Public
2024-10-01 12:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiteworks:owncloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "owncloud",
"vendor": "kiteworks",
"versions": [
{
"lessThan": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:15:11.127537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:16:05.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OwnCloud",
"repo": "https://github.com/owncloud/core",
"vendor": "Kiteworks",
"versions": [
{
"lessThanOrEqual": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pascal Geuter \u003cpascal.geuter@cirosec.de\u003e"
}
],
"datePublic": "2024-10-01T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\u003cbr\u003eIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\nIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T12:34:10.481Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://hackerone.com/reports/2041007"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cirosec.de/sa/sa-2023-012"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to at least version 10.13"
}
],
"value": "Update to at least version 10.13"
}
],
"source": {
"advisory": "SA-2023-012",
"discovery": "EXTERNAL"
},
"title": "Cross Site Request Forgery in Kiteworks OwnCloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2023-7273",
"datePublished": "2024-10-01T12:34:10.481Z",
"dateReserved": "2024-08-05T10:46:30.916Z",
"dateUpdated": "2024-10-01T13:16:05.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}