Description
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
Remediation
References
Related Vulnerabilities
Atlassian Jira Other Vulnerability (CVE-2019-20101)
Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)
WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)
WordPress Plugin History Collection Arbitrary File Download (1.1.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)