CVE-2012-4752

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://owncloud.org/changelog/
http://www.openwall.com/lists/oss-security/2012/08/11/1
http://www.openwall.com/lists/oss-security/2012/09/02/2
https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:owncloud:owncloud::::::::
	cpe:2.3:a:owncloud:owncloud:3.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.4:::::::*

History

No history.

Information

Published : 2012-09-05 23:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-4752

Mitre link : CVE-2012-4752

CVE.ORG link : CVE-2012-4752

JSON object : View

Products Affected

owncloud

owncloud

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-4752", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-05T23:55:03.147", "references": [{"url": "http://owncloud.org/changelog/", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2", "source": "cve@mitre.org"}, {"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393."}, {"lang": "es", "value": "appconfig.php en ownCloud anterior a v4.0.6 no restringe correctamente el acceso, lo que permite a usuarios remotos autenticados editar las configuraciones de aplicaciones a trav\u00e9s de vectores no especificados. NOTA: esto puede ser aprovechado por atacantes no autenticados remotos usando CVE-2012-4393."}], "lastModified": "2012-09-06T16:09:47.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1FA4A92-1FE7-4E83-B951-F33B0569835B", "versionEndIncluding": "4.0.5"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}