4 matches found
CVE-2016-1500
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...
CVE-2016-1500
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...
CVE-2016-1500
CVE-2016-1500 affects ownCloud Server releases prior to certain patch levels (7.0.12; 8.0.x < 8.0.10; 8.1.x < 8.1.5; 8.2.x
Disclosure of files that begin with ".v" due to unchecked return value - ownCloud
Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...