CVE-2014-3838Owncloud vulnerability

CWE-2645 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.1%
top 67.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedJun 4
Latest updateAug 10

Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud_server18 versions+17
NVDowncloud/owncloud5.0.15

🔴Vulnerability Details

4
OSV
php-dompdf vulnerabilities2023-08-10
OSV
php-dompdf vulnerabilities2023-08-08
GHSA
GHSA-crpj-m6c5-x3jj: ownCloud Server before 52022-05-17
CVEList
CVE-2014-3838: ownCloud Server before 52014-06-04
CVE-2014-3838 — Owncloud vulnerability | cvebase