CVE-2022-43679
First published: Thu Nov 10 2022(Updated: )
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | <=10.11.0 | |
| <=10.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this misconfiguration in ownCloud Server Docker image?
The vulnerability ID for this misconfiguration in ownCloud Server Docker image is CVE-2022-43679.
What is the impact of this vulnerability in the ownCloud Server Docker image?
This vulnerability in the ownCloud Server Docker image allows an attacker to spoof the URL in password-reset email messages.
What is the severity rating of CVE-2022-43679?
CVE-2022-43679 has a severity rating of medium (5.3).
How can an attacker exploit this vulnerability in the ownCloud Server Docker image?
An attacker can exploit this vulnerability by abusing the misconfiguration to spoof the URL in password-reset email messages.
Is there a fix available for CVE-2022-43679?
Yes, you can fix this vulnerability by updating the ownCloud Server Docker image to a version higher than 10.11.0.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/owncloud
- canonical/owncloud owncloud
- version/owncloud owncloud/10.11.0