Open redirector (oC-SA-2013-022)


AFFECTED SOFTWARE

  • ownCloud Server < 5.0.6

RISK

  • Low

CVE

  • CVE-2013-2044

COMMITS

DESCRIPTION

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
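The class of check that closes this kind of hole, shown as an added example: it is not ownCloud's code and not the change shipped in 5.0.6. The helper name `safe_redirect_target` and the fallback path are assumptions made for illustration. The idea is to accept a post-login redirect target only when it is a path on the same host.

```php
<?php
// Added example: hypothetical helper, not taken from ownCloud.

/**
 * Return $target if it is a same-host path that is safe to redirect to
 * after login; otherwise return $fallback.
 */
function safe_redirect_target(string $target, string $fallback = '/index.php'): string
{
    // Reject empty input, control characters (CR/LF would allow header
    // injection) and backslashes, which some browsers treat as "/".
    if ($target === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Require exactly one leading slash: "//host/..." is protocol-relative
    // and would leave the site just like "http://host/...".
    if ($target[0] !== '/' || (strlen($target) > 1 && $target[1] === '/')) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $target;
}

// Constructed sample values for the redirect_url parameter.
$samples = [
    '/index.php/apps/files',                   // local path: kept
    'http://phish.example/login',              // absolute URL: rejected
    '//phish.example/login',                   // protocol-relative: rejected
    '/\\phish.example',                        // backslash trick: rejected
    "/ok\r\nLocation: http://phish.example",   // CR/LF: rejected
    'javascript:alert(1)',                     // no leading slash: rejected
];

foreach ($samples as $s) {
    printf("%-50s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        safe_redirect_target($s));
}
```

The caller passes the returned value, never the raw `redirect_url` parameter, to the `Location` header.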

CREDITS

The ownCloud Team would like to thank Mateusz Goik (aliantsoft.pl / CVE-2013-2044) for discovering this vulnerability.

RESOLUTION

Update to ownCloud Server 5.0.6
http://download.owncloud.org/community/owncloud-5.0.6.tar.bz2