Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:1B86297FC8604422409BDF8698EC7A60HistoryMay 24, 2014 - 6:26 p.m.
Improper authorization checks in contacts - ownCloud
2014-05-2418:26:28
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
29
0.002 Low
EPSS
Percentile
56.6%
Due to not verifying whether an user has been granted access to an address book, authenticated users are able to access arbitrary contacts of other users.
Affected Software
- ownCloud Server < 6.0.3 (CVE-2014-3834)
Action Taken
We reviewed the access-control of the contacts application and ensured that permissions are checked properly for every action.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 6.0.3 |
Related
cve
cve
CVE-2014-3834
2014-06-04 14:55:04
ubuntucve
ubuntucve
CVE-2014-3834
2014-06-04 00:00:00
nvd
nvd
CVE-2014-3834
2014-06-04 14:55:04
owncloud
owncloud
Server: Improper authorization checks in contacts
2014-05-24 11:54:29
Improper authorization checks in documents - ownCloud
2013-05-24 18:27:42
Server: Improper authorization checks in documents
2014-05-24 11:54:29
cvelist
cvelist
CVE-2014-3834
2014-06-04 14:00:00
prion
prion
Code injection
2014-06-04 14:55:00
openvas
openvas
ownCloud Multiple Vulnerabilities-03 (Jul 2014)
2014-07-03 00:00:00