Source: ownCloud
Reporter: Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
ID: OWNCLOUD:7BBA235ED9B356205EF0AA1996F17797
Published: Mar 25, 2015 - 6:44 p.m.

Bypass of file blacklist - ownCloud

owncloud.org

EPSS: 0.003 (Low), percentile 65.1%

A blacklist bypass vulnerability involving UTF-8 encoding in file paths in the mentioned ownCloud versions allows authenticated remote attackers to bypass the file blacklist and upload files such as .htaccess files.

An attacker could leverage this bypass to upload a .htaccess file and execute arbitrary PHP code if the /data/ directory is stored inside the web root and a web server that interprets .htaccess files is used (e.g. Apache).

ownCloud always recommends moving the data directory outside of the web root.
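The advisory does not describe the exact encoding involved, so the following added example (not ownCloud's code or its fix) shows the general defensive pattern: canonicalise a file name before the blacklist check, fail closed on malformed UTF-8, and audit an existing installation. All function names and the `BLACKLIST` set are hypothetical.

```python
import os
import unicodedata

BLACKLIST = {".htaccess"}  # the file the advisory names; extend per deployment

def canonical(raw: bytes) -> str:
    """One canonical spelling; the same string should be the name written to disk."""
    text = raw.decode("utf-8", errors="strict")   # raises on malformed UTF-8
    text = unicodedata.normalize("NFKC", text)    # fold compatibility forms
    # Drop control/format characters that do not render but change the bytes.
    text = "".join(c for c in text if unicodedata.category(c) not in ("Cc", "Cf"))
    return text.casefold()

def is_blacklisted(raw_path: bytes) -> bool:
    """Fail closed: a path that cannot be canonicalised is treated as blocked."""
    try:
        parts = canonical(raw_path).replace("\\", "/").split("/")
    except UnicodeDecodeError:
        return True
    return any(p.strip() in BLACKLIST for p in parts)

def data_dir_in_webroot(data_dir: str, webroot: str) -> bool:
    """True when the data directory resolves to a location under the web root."""
    data, root = os.path.realpath(data_dir), os.path.realpath(webroot)
    return os.path.commonpath([data, root]) == root

def audit(data_dir: str) -> list:
    """Return stored files whose on-disk name canonicalises to a blacklisted one."""
    hits = []
    for dirpath, _dirs, files in os.walk(os.fsencode(data_dir)):
        hits += [os.path.join(dirpath, f) for f in files if is_blacklisted(f)]
    return sorted(hits)
```

`audit()` walks the tree with byte paths so that names which are not valid UTF-8 are still reported rather than skipped.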

Affected Software

  • ownCloud Server < 7.0.5 (CVE-2015-3013)
  • ownCloud Server < 6.0.7 (CVE-2015-3013)
  • ownCloud Server < 5.0.19 (CVE-2015-3013)

Action Taken

The blacklist bypass has been fixed and unit tests have been added to prevent future regressions.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
