CVE-2023-49105

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/	Vendor Advisory
https://owncloud.org/security	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*

History

30 Nov 2023, 19:28

Type	Values Removed	Values Added
First Time		Owncloud Owncloud owncloud
CPE		cpe:2.3:a:owncloud:owncloud::::::::
CWE		CWE-287
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/ -~~	() https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/ - Vendor Advisory
References	~~() https://owncloud.org/security -~~	() https://owncloud.org/security - Product

21 Nov 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-21 22:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-49105

Mitre link : CVE-2023-49105

CVE.ORG link : CVE-2023-49105

JSON object : View

Products Affected

owncloud

owncloud

CWE

CWE-287

Improper Authentication

{"id": "CVE-2023-49105", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-21T22:15:08.613", "references": [{"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://owncloud.org/security", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en ownCloud owncloud/core antes de la versi\u00f3n 10.13.1. Un atacante puede acceder, modificar o eliminar cualquier archivo sin autenticaci\u00f3n si conoce el nombre de usuario de la v\u00edctima y la v\u00edctima no tiene una clave de firma configurada. Esto ocurre porque las URL prefirmadas se pueden aceptar incluso cuando no se configura ninguna clave de firma para el propietario de los archivos. La primera versi\u00f3n afectada es la 10.6.0."}], "lastModified": "2023-11-30T19:28:59.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "117F6462-A2A3-46CB-B795-79C72AF275A8", "versionEndExcluding": "10.13.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}