ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)

Description

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Remediation

References

CVE-2014-9049

Related Vulnerabilities

WordPress Plugin WP Mail SMTP by WPForms Cross-Site Scripting (1.3.3)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9640)

Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)

MySQL CVE-2024-21165 Vulnerability (CVE-2024-21165)

Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)

Severity

Medium

Classification

CVE-2014-9049 CWE-200