CVE-2014-9046Sensitive Information Exposure in Owncloud

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedFeb 4
Latest updateMay 17

Description

The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud_server26 versions+25
NVDowncloud/owncloud5.0.17

🔴Vulnerability Details

2
GHSA
GHSA-2968-xc5j-q436: The OC_Util::getUrlContent function in ownCloud Server before 52022-05-17
CVEList
CVE-2014-9046: The OC_Util::getUrlContent function in ownCloud Server before 52015-02-04
CVE-2014-9046 — Sensitive Information Exposure | cvebase