Misconfiguration in ownCloud Server Docker Image Compromises URL Spoofing
CVE-2022-43679

5.3MEDIUM

Key Information:

Vendor: Owncloud
Status: Owncloud
Vendor: CVE Published:; 10 November 2022

What is CVE-2022-43679?

A misconfiguration in the Docker image of ownCloud Server version 10.11 allows for the trusted_domains configuration to be bypassed. This vulnerability could be exploited to manipulate the URL in password-reset emails, potentially misleading users into entering their credentials on fraudulent websites.

References

https://owncloud.com

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2022
Vulnerability Reserved
Oct 24, 2022

JSON

Owncloud

What is CVE-2022-43679?

References

CVSS V3.1

Timeline