Candidate: CVE-2013-2048
PublicDate: 2014-03-14 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2048
 http://owncloud.org/about/security/advisories/oC-SA-2013-025/
Description:
 ownCloud before 5.0.6 does not properly check permissions, which allows
 remote authenticated users to execute arbitrary API commands via
 unspecified vectors.  NOTE: this can be leveraged using CSRF to allow
 remote attackers to execute arbitrary API commands.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, 5.0 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (5.0.6)
lucid_owncloud: DNE
precise_owncloud: not-affected
quantal_owncloud: not-affected (4.0.8debian-1.1ubuntu0.1)
raring_owncloud: ignored (reached end-of-life)
saucy_owncloud: not-affected (5.0.10+dfsg-1ubuntu1)
trusty_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)
trusty/esm_owncloud: DNE (trusty was not-affected [6.0.1+dfsg-1ubuntu1])
devel_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)