ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
2014-06-04T14:55:04.903
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | owncloud | owncloud | ≤ 5.0.15 | Yes |
| Application | owncloud | owncloud_server | 5.0.0 | Yes |
| Application | owncloud | owncloud_server | 5.0.1 | Yes |
| Application | owncloud | owncloud_server | 5.0.2 | Yes |
| Application | owncloud | owncloud_server | 5.0.3 | Yes |
| Application | owncloud | owncloud_server | 5.0.4 | Yes |
| Application | owncloud | owncloud_server | 5.0.5 | Yes |
| Application | owncloud | owncloud_server | 5.0.6 | Yes |
| Application | owncloud | owncloud_server | 5.0.7 | Yes |
| Application | owncloud | owncloud_server | 5.0.8 | Yes |
| Application | owncloud | owncloud_server | 5.0.9 | Yes |
| Application | owncloud | owncloud_server | 5.0.10 | Yes |
| Application | owncloud | owncloud_server | 5.0.11 | Yes |
| Application | owncloud | owncloud_server | 5.0.12 | Yes |
| Application | owncloud | owncloud_server | 5.0.13 | Yes |
| Application | owncloud | owncloud_server | 5.0.14 | Yes |
| Application | owncloud | owncloud_server | 5.0.14 | Yes |
| Application | owncloud | owncloud_server | 6.0.0 | Yes |
| Application | owncloud | owncloud_server | 6.0.1 | Yes |
| Application | owncloud | owncloud_server | 6.0.2 | Yes |