CVE-2016-1500 — Sensitive Information Exposure in Owncloud

CWE-200 — Sensitive Information Exposure8 documents5 sources

Severity

3.1LOWNVD

EPSS

0.3%

top 47.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedJan 8

Latest updateMay 17

Description

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶NVDowncloud/owncloud_server12 versions+11

▶NVDowncloud/owncloud7.0.11+2

🔴Vulnerability Details

GHSA

GHSA-43jc-34rg-43q9: ownCloud Server before 7↗2022-05-17

▶

CVEList

CVE-2016-1500: ownCloud Server before 7↗2016-01-08

▶

💥Exploits & PoCs

Exploit-DB

Core FTP Server 1.2 - Local Buffer Overflow↗2016-02-22

▶

💬Community

Bugzilla

CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value [epel-7]↗2016-01-11

▶

Bugzilla

CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value [fedora-all]↗2016-01-11

▶

Bugzilla

CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value↗2016-01-11

▶

Bugzilla

CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value [epel-6]↗2016-01-11

▶