Server: Auth bypass in /lib/base.php

ID OC-SA-2012-011
Type owncloud
Reporter ownCloud
Modified 2012-08-10T11:42:22


/lib/base.php before ownCloud 4.0.8 does not properly validate the user_id session variable via WebDAV, which allows authenticated attackers to gain access to other users files.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0