Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

Remediation

References

CVE-2014-3838

Related Vulnerabilities

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.86)

WordPress Plugin WebLibrarian Multiple Unspecified Vulnerabilities (2.6.3.1)

WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.4.4)

PHP Numeric Errors Vulnerability (CVE-2015-2331)

Severity

Medium

Classification

CVE-2014-3838 CWE-264

Tags

Missing Update Known Vulnerabilities