Hello everyone, I’ve seen a CVE recently about WebDAV Api Authentication Bypass using Pre-Signed URLs I’m not sure if it’s been fixed in a recent ownCloud server version, I couldn’t find a changelog related to this threat. Is it already fixed in a specific version ? Will it be fixed soon ? Is the…

Not sure, but I think this was addressed in 10.13.1. [image] ownCloud Server 10.13.1 released: Critical security fixes included News Please find below the changes and known issues in ownCloud Server 10.13.1 that need your attention. You can also read the full ownCloud Ser…

WebDAV Api Authentication Bypass using Pre-Signed URLs

Server

alfredb November 28, 2023, 3:37pm 2

Not sure, but I think this was addressed in 10.13.1.

Fix: disallow pre-signed url access if the signing key is not initialized. #40962

3 Likes