CVE-2015-4715 Information

Feb 14, 2021 cve

Description

The fetch function in OAuth/Curl.php in Dropbox-PHP as used in ownCloud Server before 6.0.8 7.x before 7.0.6 and 8.x before 8.0.4 when an external Dropbox storage has been mounted allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/76158 https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/ https://owncloud.org/security/advisory/?id=oc-sa-2015-005 The fetch function in OAuth/Curl.php in Dropbox-PHP as used in ownCloud Server before 6.0.8 7.x before 7.0.6 and 8.x before 8.0.4 when an external Dropbox storage has been mounted allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.9

Share on: