Lucene search
HistoryJun 04, 2014 - 2:55 p.m.
CVE-2014-3835
cve-2014-3835
owncloud server
file permissions
external storage
nvd
security vulnerability
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.0%
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
Affected configurations
Node
owncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
Node
owncloudowncloudRange≤5.0.15
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
ORowncloudowncloudMatch5.0.14
ORowncloudowncloudMatch5.0.14a
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud:owncloud | owncloud | eq | 6.0.0 |
| owncloud:owncloud | owncloud | eq | 6.0.1 |
| owncloud:owncloud | owncloud | eq | 6.0.2 |
Related
owncloud
owncloud
Improper authorization checks in files_external - ownCloud
2014-05-24 18:27:09
Server: Improper authorization checks in files_external
2014-05-24 11:54:29
prion
prion
Code injection
2014-06-04 14:55:00
nvd
nvd
CVE-2014-3835
2014-06-04 14:55:04
cvelist
cvelist
CVE-2014-3835
2014-06-04 14:00:00
ubuntucve
ubuntucve
CVE-2014-3835
2014-06-04 00:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities-04 (Jul 2014)
2014-07-03 00:00:00
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.0%
Related for CVE-2014-3835