An issue exists in ownCloud owncloud/oauth2 prior to 0.6.1 when Allow Subdomains is enabled. An attacker can pass in a crafted redirect-url that bypasses validation, which allows a malicious user to redirect callbacks to a Top Level Domain controlled by the attacker.
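The following is an added defensive example, not ownCloud's code and not a reproduction of the specific bypass: a redirect URI check that supports a subdomain option by comparing parsed hosts on a label boundary. The function name `redirect_allowed`, the registered URI and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def redirect_allowed(registered: str, candidate: str,
                     allow_subdomains: bool = False) -> bool:
    """Decide whether `candidate` may be used as the redirect URI of a client
    registered with `registered` (hypothetical helper, not ownCloud's API)."""
    # Backslashes, whitespace and control characters are read differently by
    # URL parsers and browsers, so refuse them before parsing.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in candidate):
        return False
    try:
        reg, cand = urlsplit(registered), urlsplit(candidate)
        reg_port, cand_port = reg.port, cand.port  # raises on a malformed port
    except ValueError:
        return False
    # userinfo ("user@host") can disguise the real host, and fragments are
    # not permitted in OAuth 2.0 redirect URIs.
    if cand.username is not None or cand.password is not None or cand.fragment:
        return False
    # Everything except the host must match the registration exactly.
    if (cand.scheme, cand_port, cand.path, cand.query) != \
       (reg.scheme, reg_port, reg.path, reg.query):
        return False
    reg_host, cand_host = reg.hostname or "", cand.hostname or ""
    if not reg_host or not cand_host:
        return False
    if cand_host == reg_host:
        return True
    # Subdomain mode: require the registered host as a suffix that starts on
    # a label boundary (leading dot), and reject empty labels.
    return (allow_subdomains
            and all(cand_host.split("."))
            and cand_host.endswith("." + reg_host))


REGISTERED = "https://app.example.com/cb"  # constructed registration

if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://sub.app.example.com/cb",
        "https://app.example.com.attacker.example/cb",
        "https://evilapp.example.com/cb",
        "https://app.example.com@attacker.example/cb",
        "https://attacker.example\\.app.example.com/cb",
    ]
    for url in samples:
        print(redirect_allowed(REGISTERED, url, allow_subdomains=True), url)
```

Only the first sample is accepted; the others fail on the host comparison, the userinfo check or the backslash check.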