Misconfiguration in Docker Image of ownCloud Server Allows URL Spoofing in Password-Reset Emails

Misconfiguration in Docker Image of ownCloud Server Allows URL Spoofing in Password-Reset Emails

CVE-2022-43679 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

Learn more about our Cis Benchmark Audit For Docker.