CVE-2013-1851 : Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.

Published 2014-03-14 16:55:05

Updated 2014-03-26 00:23:39

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-1851

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1851

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2013-1851

http://owncloud.org/about/security/advisories/oC-SA-2013-010/

Security Advisories – ownCloud
Vendor Advisory

Products affected by CVE-2013-1851

Owncloud » Owncloud
Versions up to, including, (<=) 4.0.12
cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 3.0.0
cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 3.0.1
cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.4
cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.3
cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.2
cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.1
cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 3.0.3
cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 3.0.2
cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.5
cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.0
cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.7
cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.6
cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.0
cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.1
cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.9
cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.8
cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.2
cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.4
cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.3
cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.5
cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.10
cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.6
cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.5.7
cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*
Matching versions
Owncloud » Owncloud » Version: 4.0.11
cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-1851

Exploit prediction scoring system (EPSS) score for CVE-2013-1851

CVSS scores for CVE-2013-1851

References for CVE-2013-1851

Products affected by CVE-2013-1851