ownCloud offers the OC_Util::getUrlContent()
to developers. Using this function applications can download content from remote websites.
Due to a newly introduced bug in this functionality it was following redirects to other protocols such as file://
. Thus, an attacker may be able to gain access to local files stored on the ownCloud instance.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0