Description

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

Remediation

References

CVE-2016-1500

Related Vulnerabilities

WordPress Plugin CBX Bookmark & Favorite Cross-Site Scripting (1.6.8)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25152)

WordPress Incorrect Authorization Vulnerability (CVE-2017-6816)

Nexus Repository Manager CVE-2019-15893 Vulnerability (CVE-2019-15893)

Severity

Low

Classification

CVE-2016-1500 CWE-200 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities