Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

Remediation

References

CVE-2014-3838

Related Vulnerabilities

WordPress Plugin Contact Form Integrated With Google Maps Cross-Site Scripting (2.4)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3583)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12)

Oracle Database Server Other Vulnerability (CVE-2005-3445)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-14193)

Severity

Medium

Classification

CVE-2014-3838 CWE-264

Tags

Missing Update Known Vulnerabilities