CSRF in appconfig.php
Platform: ownCloud Server
Risk level: Low
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
- ownCloud Server < 4.0.7 (CVE-2012-4391)
It is recommended that all instances are upgraded to ownCloud Server 4.0.7.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: