Vulnerabilities > CVE-2020-10252 - Server-Side Request Forgery (SSRF) vulnerability in Owncloud
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
LOW Availability impact
HIGH Summary
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44
- https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/
- https://owncloud.org/changelog/server/
- https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44
- https://owncloud.org/changelog/server/
- https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/