Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31649: Information disclosure in settings UI and API responses - ownCloud

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

CVE
Open in Source
#intel#perl

  • Product

  • Community

  • Partners

  • News news* Insights & Updates * ownCloud News

    • Forum
      • ownCloud Central
    • Events
      • Upcoming Events
      • Past Events / Recordings
    • Social Media
      • Facebook
      • Twitter
      • LinkedIn

    Latest Posts

    Whether it’s files containing personal data (GDPR), intellectual property or sensitive corporate data from HR, finance or …

    Read more

    We recently released the beta for Infinite Scale. And, there’s more: The alpha releases of the desktop …

    Read more

  • Pricing

  • Risk: medium

  • CVSS v3 Base Score: 5.7

  • CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

  • CWE ID: CWE-212

  • CWE Name: Improper Removal of Sensitive Information Before Storage or Transfer

  • CVE: CVE-2022-31649

Description

The settings page and some API responses of a few ownCloud apps contained plaintext credentials.

Affected

  • ownCloud server < 10.10.0

Action taken

Remove the sensitive values from the HTML and API responses.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE