CVE-2023-49104

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 21/11/2023 Updated: 01/12/2023

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

An issue exists in ownCloud owncloud/oauth2 prior to 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an malicious user to redirect callbacks to a Top Level Domain controlled by the attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
owncloud oauth2

CWE-601 https://owncloud.org/security https://owncloud.com/security-advisories/subdomain-validation-bypass/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-49104

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect