Lucene search
HistoryJun 04, 2014 - 2:55 p.m.
CVE-2014-3838
cve-2014-3838
owncloud server
permission check
remote access
authenticated users
file reading
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
Affected configurations
Node
owncloudowncloudRange≤5.0.15
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
ORowncloudowncloudMatch5.0.14
ORowncloudowncloudMatch5.0.14a
Node
owncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
Related
owncloud
owncloud
Server: Improper authorization checks in core
2014-05-24 11:54:29
Improper authorization checks in core - ownCloud
2014-05-24 18:29:35
cvelist
cvelist
CVE-2014-3838
2014-06-04 14:00:00
ubuntucve
ubuntucve
CVE-2014-3838
2014-06-04 00:00:00
prion
prion
Design/Logic Flaw
2014-06-04 14:55:00
nvd
nvd
CVE-2014-3838
2014-06-04 14:55:04
openvas
openvas
ownCloud Multiple Vulnerabilities-04 (Jul 2014)
2014-07-03 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
Related for CVE-2014-3838