CVE-2016-15014

Description

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

CESNET / theme-cesnet1.x – 1.x

References

MISChttps://vuldb.com/?id.217633
MISChttps://vuldb.com/?ctiid.217633
PATCHhttps://github.com/CESNET/theme-cesnet/pull/1
PATCHhttps://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6
PATCHhttps://github.com/CESNET/theme-cesnet/releases/tag/2.0.0