Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross Site Request Forgery in Kiteworks OwnCloud
Vulnerability Description
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
ownCloud 安全漏洞
Vulnerability Description
ownCloud是美国ownCloud公司的一套个人云存储解决方案。 ownCloud 10.12版本及之前版本存在安全漏洞,该漏洞源于存在跨站请求伪造,允许未经身份验证的攻击者伪造请求。
CVSS Information
N/A
Vulnerability Type
N/A