Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:6E90AD64A1D62B83AB5AF38394E776D1HistoryNov 25, 2014 - 6:39 p.m.
Bypass of shared files password protection in "documents" application - ownCloud
2014-11-2518:39:03
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
35
EPSS
0.002
Percentile
52.6%
The “documents” application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents.
Due to missing access control within the API of this application, the password-protection of shared files can be bypassed.
Affected Software
- ownCloud Server < 7.0.3 (CVE-2014-9048)
- ownCloud Server < 6.0.6 (CVE-2014-9048)
Action Taken
The “documents” application now verifies the password before granting access to shared files.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
Related
prion
prion
Design/Logic Flaw
2015-02-04 18:59:00
cvelist
cvelist
CVE-2014-9048
2015-02-04 18:00:00
owncloud
owncloud
cve
cve
CVE-2014-9048
2015-02-04 18:59:07
nvd
nvd
CVE-2014-9048
2015-02-04 18:59:07
openvas
openvas
ownCloud Multiple Vulnerabilities -01 (Feb 2015)
2015-02-19 00:00:00