CVE-2016-1500 Information

Description

ownCloud Server before 7.0.12 8.0.x before 8.0.10 8.1.x before 8.1.5 and 8.2.x before 8.2.2 when the \file_versions\ application is enabled does not properly check the return value of getOwner which allows remote authenticated users to read the files with names starting with .v\ and belonging to a sharing user by leveraging an incoming share.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://owncloud.org/security/advisory/?id=oc-sa-2016-003

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.1