Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

Remediation

References

CVE-2014-3838

Related Vulnerabilities

WordPress Plugin Redirection PHP Object Injection (2.7.3)

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414)

WordPress Plugin Mingle Forum Multiple Cross-Site Request Forgery Vulnerabilities (1.0.34)

WordPress Plugin xili-tidy-tags Cross-Site Request Forgery (1.12.03)

Severity

Medium

Classification

CVE-2014-3838 CWE-264

Tags

Missing Update Known Vulnerabilities