Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-1500

Опубликовано: 08 янв. 2016
Источник: nvd
CVSS3: 3.1
CVSS2: 3.5
EPSS Низкий

Описание

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
Версия до 7.0.11 (включая)
cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:8.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 52%
0.00293
Низкий

3.1 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2016-1500

CVSS3: 3.1
ubuntu
около 10 лет назад

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

debian логотип

CVE-2016-1500

CVSS3: 3.1
debian
около 10 лет назад

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5 ...

github логотип

GHSA-43jc-34rg-43q9

CVSS3: 3.1
github
больше 3 лет назад

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

EPSS

Процентиль: 52%
0.00293
Низкий

3.1 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200