CSRF token leakage (oC-SA-2013-027)


AFFECTED SOFTWARE

  • ownCloud Server < 5.0.6

CVE IDENTIFIERS

  • CVE-2013-2086

RISK

  • Medium

COMMITS

DESCRIPTION

The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
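
A regression check for this class of leak, as an added example that is not ownCloud's code or its fix: it scans a response served as JavaScript for the session's CSRF token in the encodings a template is likely to emit. The names example_config and requesttoken, the token value and both sample bodies are constructed assumptions.

```python
import base64
import json
import urllib.parse

# Media types under which a response is served as script.
SCRIPT_TYPES = {"application/javascript", "text/javascript",
                "application/x-javascript", "application/ecmascript"}

def token_encodings(token):
    """Forms a secret commonly takes when a template writes it into JavaScript."""
    raw = token.encode()
    json_form = json.dumps(token)[1:-1]
    return {
        "raw": token,
        "json-escaped": json_form,
        # PHP's json_encode() escapes "/" as "\/" by default.
        "json-escaped-slash": json_form.replace("/", "\\/"),
        "url-encoded": urllib.parse.quote(token, safe=""),
        "base64": base64.b64encode(raw).decode(),
        "hex": raw.hex(),
    }

def find_token_leaks(content_type, body, token):
    """Return the names of the encodings of `token` present in a script response."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in SCRIPT_TYPES or not token:
        return []  # the advisory concerns a JavaScript file; other types are out of scope
    hits, seen = [], set()
    for name, form in token_encodings(token).items():
        if form not in seen and form in body:
            hits.append(name)
        seen.add(form)  # identical encodings are reported once, under the first name
    return hits

# Constructed sample data (not taken from ownCloud).
TOKEN = "c0nstructed+token/123=="
LEAKY_JS = 'var example_config = {"requesttoken": "c0nstructed+token\\/123==", "webroot": "/cloud"};'
CLEAN_JS = 'var example_config = {"webroot": "/cloud", "language": "en"};'

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_JS), ("clean", CLEAN_JS)):
        print(label, find_token_leaks("application/javascript; charset=utf-8", body, TOKEN))
```

Run against every dynamically generated script endpoint with an authenticated session's token; any non-empty result means the token is being written into a script body.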

RESOLUTION

Update to ownCloud Server 5.0.6
http://download.owncloud.org/community/owncloud-5.0.6.tar.bz2