Description
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2028 Vulnerability (CVE-2021-2028)
WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4431)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1924)