Lucene search
Lukas Reschke – Vulnerability discovery and disclosure.OWNCLOUD:3EF4C15890AC0486CB6BE787E86AC880HistoryJul 13, 2016 - 7:01 p.m.
Insecure Direct Object References in Gallery - ownCloud
2016-07-1319:01:14
Lukas Reschke – Vulnerability discovery and disclosure.
owncloud.org
486
0.002 Low
EPSS
Percentile
61.8%
ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled.
Affected Software
- ownCloud Server < 8.2.6 (CVE-2016-5876)
- ownCloud Server < 9.0.3 (CVE-2016-5876)
Action Taken
The share token is verified.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 8.2.6 | |
| owncloud server | lt | 9.0.3 |
Related
ubuntucve
ubuntucve
CVE-2016-5876
2017-01-23 00:00:00
cve
cve
CVE-2016-5876
2017-01-23 21:59:01
prion
prion
Design/Logic Flaw
2017-01-23 21:59:00
osv
osv
CVE-2016-5876
2017-01-23 21:59:01
owncloud
owncloud
Server: Insecure Direct Object References in Gallery
2016-07-13 02:00:00
openvas
openvas
ownCloud Insecure Direct Object Reference Vulnerability (oC-SA-2016-010)
2021-09-22 00:00:00
cvelist
cvelist
CVE-2016-5876
2017-01-23 21:00:00
nvd
nvd
CVE-2016-5876
2017-01-23 21:59:01