CVE-2014-2049

owncloud_server < 5.0.15 and 6.x < 6.0.2 - Unauthenticated File Access via Flash Cross Domain Policy

Title source: llm

Description

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

http://owncloud.org/about/security/advisories/oC-SA-2014-003/

Scores

EPSS 0.0040

EPSS Percentile 61.0%

Details

CWE

CWE-264

Status published

Products (50)

owncloud/owncloud < 5.0.14

owncloud/owncloud_server 6.0.0

owncloud/owncloud_server 6.0.1

owncloud/owncloud_server 3.0.0

owncloud/owncloud_server 3.0.1

owncloud/owncloud_server 3.0.2

owncloud/owncloud_server 3.0.3

owncloud/owncloud_server 4.0.0

owncloud/owncloud_server 4.0.1

owncloud/owncloud_server 4.0.2

... and 40 more

Published Mar 14, 2014

Tracked Since Feb 18, 2026