CVE-2012-4390 — Sensitive Information Exposure in Owncloud

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 57.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedSep 5

Latest updateMay 17

Description

(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDowncloud/owncloud4.0.6

▶NVDowncloud/owncloud_server10 versions+9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7pr4-2hwg-v5fc: (1) apps/calendar/appinfo/remote↗2022-05-17

▶

CVEList

CVE-2012-4390: (1) apps/calendar/appinfo/remote↗2012-09-05

▶