Description
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1559)
WordPress Plugin Per page add to head Cross-Site Request Forgery (1.4.3)
Internet Information Services Other Vulnerability (CVE-1999-1376)
osCommerce Other Vulnerability (CVE-2004-2638)
WordPress Plugin Custom Permalinks Unspecified Vulnerability (0.7.15)