Main Vulnerability Database Vulnerabilities #VU25684

#VU25684 Incorrect Use of Privileged APIs in ownCloud Server

Published: February 28, 2020

Vulnerability identifier: #VU25684

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-648

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
ownCloud Server

Software vendor:
ownCloud

Description

The vulnerability allows a remote attacker to gain access to all file-versions of a user.

The vulnerability exists due to the incorrect usage of privileged APIs. A remote authenticated attacker on the local network can access all versions of all files (even unshared) as soon as the owner of said files has at least one outgoing share with the attacker.

Remediation

Install updates from vendor's website.

External links

https://owncloud.org/security/advisories/access-to-all-file-versions-of-a-user-as-soon-as-he-has-one-share-with-the-attacker/

#VU25684 Incorrect Use of Privileged APIs in ownCloud Server

Description

Remediation

External links

Please verify you're human