CVE-2014-2050: CSRF
First published: Thu Jan 23 2020(Updated: )
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | <5.0.15 | |
| ownCloud ownCloud | >=6.0.0<6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2050?
The severity of CVE-2014-2050 is medium (6.5).
How does the CSRF vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 work?
The CSRF vulnerability allows remote attackers to hijack user authentication for password reset requests by exploiting a crafted HTTP Host header.
What software versions are affected by CVE-2014-2050?
ownCloud Server versions before 5.0.15 and 6.0.x before 6.0.2 are affected.
How can I fix the CSRF vulnerability in ownCloud Server?
To fix the CSRF vulnerability, update ownCloud Server to version 5.0.15 or 6.0.2 or later.
Where can I find more information about CVE-2014-2050?
You can find more information about CVE-2014-2050 at the following references: [1](https://exchange.xforce.ibmcloud.com/vulnerabilities/91971), [2](https://owncloud.org/security/advisories/host-header-poisoning/), [3](https://www.securityfocus.com/bid/66221).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- vendor/owncloud
- canonical/owncloud owncloud
- version/owncloud owncloud/6.0.0