CVE-2014-3834
owncloud < 6.0.3 - Authenticated Unauthorized Data Access and File Rename
Title source: llmDescription
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oc-sa-2014-011/
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oc-sa-2014-013/
Scores
EPSS
0.0041
EPSS Percentile
61.6%
Details
CWE
CWE-264
Status
published
Products (3)
owncloud/owncloud
< 6.0.2
owncloud/owncloud_server
6.0.0
owncloud/owncloud_server
6.0.1
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026