309 matches found
Missing user validation leading to information disclosure
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root...
Improper validation of certificates within the iOS application
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4...
Enumeration of shared files in documents - ownCloud
Due to using the auto-incrementing fileid instead of the random generated token to access files in the documents app an authenticated users could enumerate shared files of other users. Affected Software ownCloud Server 6.0.3 CVE-2014-3837 Action Taken We replaced the usage of fileid with our rand...
Server: Mounted Dropbox storage allows "Dropbox.com" to access any file
A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted. This was caused by a feature of PHP which has been turned off per default as of PHP 5.6.0 in t...
Multiple XSS - ownCloud
Multiple stored and reflected XSS have been adressed. Affected Software ownCloud Server 6.0.2 Action Taken Acknowledgements The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: Dirk van Veen - Itq [email protected] - Vulnerability...
Server: XSS in "Share Interface"
Multiple stored and reflected XSS have been adressed. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
SQLInjection in FileContentProvider.kt - ownCloud
Due to some insecure code in a exported content provider an attacker with local access could retrieve information from the ownCloud app database through SQL injection...
XSS in Error Page - ownCloud security advisory
Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE: Improper Neutralization of Input During Web Page Generation âCross-site Scriptingâ CWE-79 HackerOne report: 215410...
Local Path Disclosure when using Asset Pipeline - ownCloud
ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...
Deserialization of Untrusted Data in core - ownCloud
Due to the deserialization of unstrusted data in core an attacker might be able to delete arbitrary files from the filesystem or executing arbitrary SQL queries. This issue has been found in a widely used third-party library, we have removed the component due to general quality concerns from the...
Mounted Dropbox storage allows "Dropbox.com" to access any file - ownCloud
A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted. This was caused by a feature of PHP which has been turned off per default as of PHP 5.6.0 in t...
Improper validation of certificates when using self-signed certificates 1.8.2
Platform: Desktop-clients Versions: 1.8.2, Date: 6/8/2015 Risk level: Medium CVSS v2 Base Score: 6.1 AV:N/AC:H/Au:N/C:C/I:P/A:N CWE: Improper Validation of Certificate with Host Mismatch CWE-297...
Cross-site Request Forgery in diagnostics app - ownCloud
Improper handling of CSRF protection in the diagnostics app in combination with the SameSite-Cookie setting being set to None allows cross site invocation of an admin API...
Authentication Bypass Using Pre-signed URLs - ownCloud
Improper validation may allow an attacker to bypass authentication and gain access to users’ files. Prior knowledge of a username and a file path is needed in order to gain access to a certain file...
Bypassing App Lock (Pattern/Passcode/Fingerprint lock | Android) (oC-SA-2020-003)
Given an attacker has physical access, creating a backup of the ownCloud Android app via adb provides access to the app preferences file. Contained in the file were settings related to the app lock feature such as the pincode/pattern and if the respective lock is active. An attacker could change...
Public-Link Password-Bypass via Image-Previews – ownCloud
------- It was possible to access the preview-image of a password-protected public-link. The severity of the issue is reduced to low because the attacker needs to know the public-link hash and the original filename of the image. Affected ----- - owncloud/core v10.4 Action taken -------- Applied...
Credentials potentially leaked to other configured ownCloud instance
A bug in the ownCloud iOS application below version 3.4.4 may leak credentials as well as cookies used for authentication purposes to other configured ownCloud instances...
Server: Code execution in /lib/filesystem.php
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a file with a special crafted filename. For more information please consult the official advisory. This advisory is licensed CC...
Access to all file-versions of a user - ownCloud security advisory
Platform: ownCloud Server Versions: 10.3.0 Date: 2/28/2020 Risk: Medium CVSS v3 Base Score: 6.8 CVSS v3 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CWE ID: 648 CWE Name: Incorrect Use of Privileged APIs...
Denial of Service in Comments API - ownCloud
Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of Service...
Server: Code execution in /lib/migrate.php
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file. For more information please consult the official advisory. This advisory is licensed CC BY-...
Files_antivirus doesn't delete virus if uploaded through public link
Risk: low CVSS v3 Base Score: 1.2 CVSS v3 Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N CWE ID: CWE-280 CWE Name: Improper Handling of Insufficient Permissions or Privileges...
Possibility to extend internal-share permissions using the API – ownCloud
An Attacker can extend the permission of a received subfolder share using the ocs api. Additional risk exists because the previlege extension is also possible on public-shares. Affected Software ownCloud Server 10.2.1 CVE-2019-???? core/55a29e0aaef5ebb55cf15ce309d7daaea4fb6c06 Action Taken Added...
Server: Deserialization of Untrusted Data in core
Due to the deserialization of unstrusted data in core an attacker might be able to delete arbitrary files from the filesystem or executing arbitrary SQL queries. This issue has been found in a widely used third-party library, we have removed the component due to general quality concerns from the...
Server: Insecure OpenID implementation
Due to an insecure OpenID implementation used by useropenid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account without knowing any secret information, i.e. the password, about it by using a malicious OpenID provider. For more information please consult the officia...
Bypassing File Firewall (oC-SA-2020-002)
Platform: ownCloud Server Versions: n/a Date: 8/3/2020 Risk: Low CVSS v3 Base Score: 1.6 CVSS v3 Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N CWE ID: CWE-791 CWE Name: Incomplete Filtering of Special Elements...
Possibility to extend internal share permissions using the API - ownCloud security advisory
Platform: ownCloud Server Versions: 10.0.0 Date: 7/25/2019 Risk level: High CVSS v3 Base Score: 8 Improper Privilege Management, CWE-269...
Share tokens for public calendars disclosed - ownCloud security advisory
Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE: Information Exposure Through Directory Listing CWE-548...
Code execution in /lib/filesystem.php - ownCloud
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a file with a special crafted filename. Affected Software ownCloud Server 4.0.10 CVE-2013-5665 ownCloud Server 4.5.5 CVE-2013-56...
Server-Side Request Forgery in federated sharing API - ownCloud
Server-Side Request Forgery in federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling, the server could be affected by a Denial of Service attack...
Deleting received group share for whole group
Platform: ownCloud Server Versions: 10.2.0 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 3.5 CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CWE ID: 385 CWE Name: Improper Privilege Management...
XSS in "Share Interface" - ownCloud
Multiple stored and reflected XSS have been adressed. Affected Software ownCloud Server 5.0.8 Action Taken Acknowledgements The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: Lukas Reschke - ownCloud Inc. [email protected] -...
Server: Auth bypass in user_webdavauth and user_ldap
ownCloud 4.5.4, ownCloud 4.0.9 and all versions previous to this doesn't sufficiently verify whether a request to settings.php was sent by an admin, which allows unauthenticated users to edit app configurations of userwebdavauth and userldap. An unauthenticated attacker may use this to gain acces...
Improper Validation in the User Profile Metadata - ownCloud
Improper Validation in the User Profile Metadata may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service...
Biometric Authentication Bypass - ownCloud
Improper validation in the Biometric authentication process may allow an attacker to bypass that process and gain unauthorized access. This attack requires physical access to the vulnerable device...
Improper Validation in the User's Avatar Mechanism - ownCloud
Improper Validation in the User’s Avatar Mechanism may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service...
Edit of share permissions causes public links misbehaviour - ownCloud
Changes to the permissions of a share where propagated to public links of child resources...
Reflected XSS in login page forgot password functionallity
The login page was not properly sanitizing exception messages from the ownCloud server...
SSRF in âAdd to your ownCloudâ functionality - security advisory
It is possible to force the ownCloud server to execute GET requests against a crafted URL on the internal or external network Server Side Request Forgery after receiving a public link-share URL. The criticality of this issue is lowered because the attacker can not see the result of the forged...
Users can mount the local filesystem - ownCloud
Due to an insufficient permission check authenticated users are able to access preview pictures of others users. Affected Software ownCloud Server 6.0.1 Action Taken It is recommended that all instances are upgraded to ownCloud Server 6.0.2. Acknowledgements The ownCloud team thanks the following...
Server: Users can mount the local filesystem
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the filesexternal app to be enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4....
Server: Auth bypass in "user_webdavauth"
A not further specified authentication bypass in the userwebdavauth application has been found. Using this vulnerability an attacker might login to the ownCloud instance without valid credentials. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Code execution in /lib/migrate.php - ownCloud
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file. Affected Software ownCloud Server 4.0.10 CVE-2013-5665 ownCloud Server 4.5.5 CVE-2013-5665...
SSRF in "Add to your ownCloud" functionality – ownCloud
------- It is possible to force the ownCloud server to execute GET requests against a crafted URL on the internal or external network Server Side Request Forgery after receiving a public link-share URL. The criticality of this issue is lowered because the attacker can not see the result of the...
Deleting received group share for whole group – ownCloud
------- A group-share recipient can remove the received group share for all group-recipients. No data-loss occurs as the share can be re-created again. Affected ----- - owncloud/core v10.3.0 Action taken -------- Improve permission check when deleting groups...
WebDAV Api Authentication Bypass using Pre-Signed URLs - ownCloud
It is possible to access, modify or delete any file without authentication if the username of the victim is known and the victim has no signing-key configured which is the default...
Public-Link Password-Bypass via Image-Previews - ownCloud security advisory
Platform: ownCloud Server Versions: 10.3 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 3.1 CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CWE ID: 284 CWE Name: Improper Access Control...
Possibility to extend internal share permissions using the API – ownCloud
An Attacker can extend the permission of a received internal-share using the ocs-api. Check is currently only done in the UI. Affected Software ownCloud Server 10.2.1 CVE-2019-???? core/4ae39f7c70bb26e55d7396184da5c30dd75980a3 Action Taken Added better checks which prevent extending the permissio...
Improper access control in SVG preview generation - ownCloud
Improper access control in SVG preview generation may allow an authenticated attacker to gain access to other user’s images...
Subdomain Validation Bypass - ownCloud
Within the oauth2 app an attacker is able to pass in a specially crafted redirect-url which bypasses the validation code and thus allows the attacker to redirect callbacks to a TLD controlled by the attacker...