Description
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
Remediation
References
Related Vulnerabilities
Drupal Configuration Vulnerability (CVE-2008-6171)
WordPress Plugin Twitter Cards Meta Multiple Vulnerabilities (2.4.5)
WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65)
WordPress Plugin UK Cookie Consent Cross-Site Scripting (2.3.9)
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-33334)