CVE-2014-4929 — Path Traversal in Owncloud

CWE-22 — Path Traversal3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 30.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedAug 20

Latest updateMay 17

Description

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDowncloud/owncloud_server20 versions+19

▶NVDowncloud/owncloud5.0.16

🔴Vulnerability Details

GHSA

GHSA-c7pc-vh27-jpqf: Directory traversal vulnerability in the routing component in ownCloud Server before 5↗2022-05-17

▶

CVEList

CVE-2014-4929: Directory traversal vulnerability in the routing component in ownCloud Server before 5↗2014-08-20

▶