Lucene search

GitHub Advisory DatabaseGHSA-QM4X-CH5W-GR62

HistoryMay 17, 2022 - 4:42 a.m.

XXE in SabreDAV

2022-05-1704:42:42

GitHub Advisory Database

github.com

sabredav

vulnerability

owncloud

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Affected configurations

Vulners

Node

sabredavRange<1.8.9

sabredavRange<1.7.11

VendorProductVersionCPE
sabredav*cpe:2.3:a:sabre:dav:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sabre	dav	*	cpe:2.3:a:sabre:dav::::::::

References

github.com/advisories/GHSA-qm4x-ch5w-gr62

github.com/FriendsOfPHP/security-advisories/blob/master/sabre/dav/CVE-2014-2055.yaml

github.com/fruux/sabre-dav/releases/tag/1.7.11

github.com/sabre-io/dav/commit/e3f46e0ecf83cf1d2ebf54908cde7b5ec170aa2c

github.com/sabre-io/dav/issues/414

nvd.nist.gov/vuln/detail/CVE-2014-2055

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Related for GHSA-QM4X-CH5W-GR62