Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the shareinfo API endpoint. An attacker can access files intended to be protected by a password by directly retrieving the download link from the API response and using it to...

Shareinfo url doesn't verify file drop permissions - ownCloud

The permission check for a file drop upload only share could be circumvented by using the shareinfo API. This allowed to see from the files in the filedrop but didn’t allow downloads...