Anti Virus For Owncloud
Monthly
Server-Side Request Forgery in the Anti-Virus for ownCloud extension (versions before 1.2.3, shipping with ownCloud 10 prior to 10.15.3) lets an authenticated high-privileged user coerce the server into issuing attacker-controlled requests, with a scope-changed CVSS of 9.1 reflecting reach into internal systems. The flaw was reported through ownCloud's security advisory program (GHSA-3wg4-mg27-hj4w); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor-released patch exists: Anti-Virus for ownCloud 1.2.3 / ownCloud 10.15.3.
Server-Side Request Forgery in the Anti-Virus for ownCloud extension (versions before 1.2.3, shipping with ownCloud 10 prior to 10.15.3) lets an authenticated high-privileged user coerce the server into issuing attacker-controlled requests, with a scope-changed CVSS of 9.1 reflecting reach into internal systems. The flaw was reported through ownCloud's security advisory program (GHSA-3wg4-mg27-hj4w); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor-released patch exists: Anti-Virus for ownCloud 1.2.3 / ownCloud 10.15.3.