Description

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

Remediation

References

CVE-2022-43679

Related Vulnerabilities

Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2019-0199)

PHP CVE-2013-7345 Vulnerability (CVE-2013-7345)

Joomla! Core 3.x.x Directory Traversal (3.2.0 - 3.4.5)

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Request Forgery (2.2.18)

IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153)

Severity

Medium

Classification

CVE-2022-43679 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities