The “documents” application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents.
Due to missing access control within the API of this application, the password-protection of shared files can be bypassed.
The “documents” application now verifies the password before granting access to shared files.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: