CVE-2020-28644

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28644

Published

2021-02-09T19:15:13.630Z

Modified

2026-03-14T10:07:18.776656Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.

References

https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/

Affected packages

Git / github.com/owncloud/core

Affected ranges

Type

GIT

Repo

https://github.com/owncloud/core

Events

Introduced

Fixed

94282d9471e5c786602af512e7207aed6b6e3f8f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.6.0"
        }
    ]
}

Affected versions

v1.*

v1.0.0beta1

v1.0RC1

v1.1

v10.*

v10.0.0

v10.0.0RC1

v10.0.0RC2

v10.0.0RC3

v10.0.0RC4

v10.0.0RC5

v10.0.0alpha

v10.0.0beta

v10.0.0beta2

v10.0.1

v10.0.10

v10.0.10RC1

v10.0.10RC2

v10.0.10RC3

v10.0.10RC4

v10.0.1RC1

v10.0.1RC2

v10.0.1RC3

v10.0.1RC4

v10.0.1RC5

v10.0.2

v10.0.2RC1

v10.0.3

v10.0.3RC1

v10.0.3beta

v10.0.3beta2

v10.0.4

v10.0.4RC1

v10.0.4RC2

v10.0.4beta1

v10.0.4beta2

v10.0.5

v10.0.5RC1

v10.0.5RC2

v10.0.5RC3

v10.0.5RC4

v10.0.8

v10.0.8RC1

v10.0.8RC2

v10.0.8RC3

v10.0.8RC4

v10.0.9

v10.0.9RC1

v10.0.9RC2

v10.0.9RC3

v10.0.9RC4

v10.0.9beta

v10.0beta2

v10.1.0

v10.1.0RC1

v10.1.0RC2

v10.1.0beta

v10.3.0

v10.3.0RC1

v10.3.0alpha

v10.3.0alpha2

v10.3.1

v10.3.1RC1

v10.3.2

v10.3.2RC1

v10.4.0

v10.4.0RC1

v10.4.0RC2

v10.4.0RC3

v10.5.0beta1

v10.5.0beta2

v10.6.0RC1

v10.6.0RC2

v10.6.0RC3

v10.6.0beta1

v2.*

v2.0beta3

v3.*

v3.0

v3.0RC1

v3.0alpha1

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta1

v4.5.0beta2

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0.1beta2

v9.0beta1

v9.1.0RC1

v9.1.0beta1

v9.1.0beta2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28644.json"