Description
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
Remediation
References
Related Vulnerabilities
WordPress Plugin Login No Captcha reCAPTCHA Security Bypass (1.4.1)
WordPress Plugin WordPress Portfolio and Gallery-GridKit Gallery Unspecified Vulnerability (1.8.18)
TYPO3 Missing Authorization Vulnerability (CVE-2025-59017)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2023-39456)
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2012-0867)