This security bulletin contains one low risk vulnerability.
The vulnerability allows a remote attacker to gain access to all file-versions of a user.
The vulnerability exists due to the incorrect usage of privileged APIs. A remote authenticated attacker on the local network can access all versions of all files (even unshared) as soon as the owner of said files has at least one outgoing share with the attacker.Mitigation
Install updates from vendor's website.Vulnerable software versions
ownCloud Server: 10.0.9 - 10.3.0Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?