Platform: ownCloud Server
Risk level: Low
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
- ownCloud Server < 5.0.6 (CVE-2013-2044)
It is recommended that all instances are upgraded to ownCloud Server 5.0.6.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Mateusz Goik – AliantSoft – Vulnerability discovery and disclosure.