exploitDog

CVE-2025-59716

Опубликовано: 05 нояб. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.

Ссылки

https://gist.github.com/thesmartshadow/64ae0449e909174d0479a4f23657147f
Exploit
Third Party Advisory
https://github.com/owncloud/guests
Product
https://marketplace.owncloud.com/apps/guests
Product
https://yeswehack.com/reports/411806
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:owncloud:guests:*:*:*:*:*:*:*:*

Версия до 0.12.4 (включая)

EPSS

Процентиль: 16%

0.0005

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-967j-jc6x-3jm4

CVSS3: 5.3

github

3 месяца назад

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.

EPSS

Процентиль: 16%

0.0005

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200