CVE-2020-28644: CSRF
First published: Tue Feb 09 2021(Updated: )
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | <10.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-28644.
What is the severity of CVE-2020-28644?
The severity of CVE-2020-28644 is medium.
What is CSRF and how does it affect this vulnerability?
CSRF stands for Cross-Site Request Forgery and it affects this vulnerability because the CSRF token check was improperly implemented on cookie authenticated requests against some ownCloud API endpoints.
Which versions of ownCloud/core are affected by CVE-2020-28644?
ownCloud/core version less than 10.6 is affected by CVE-2020-28644.
How can I fix the CSRF token check vulnerability in ownCloud?
To fix the CSRF token check vulnerability in ownCloud, it is recommended to update to version 10.6 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/owncloud
- canonical/owncloud owncloud