CVE-2016-1500

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
Severity
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
owncloudowncloud
𝑥
≤ 7.0.11
owncloudowncloud
8.0.0
owncloudowncloud
8.0.2
owncloudowncloud
8.0.3
owncloudowncloud
8.0.4
owncloudowncloud
8.0.5
owncloudowncloud
8.0.6
owncloudowncloud
8.0.8
owncloudowncloud
8.0.9
owncloudowncloud
8.1.0
owncloudowncloud
8.1.1
owncloudowncloud
8.1.3
owncloudowncloud
8.1.4
owncloudowncloud
8.2.0
owncloudowncloud
8.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
owncloud
wily
dne
vivid
dne
trusty
dne
precise
not-affected