CVE-2014-3838

ownCloud Server < 5.0.16 and 6.0.x < 6.0.3 - Authenticated File Name Disclosure

Title source: llm

Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://owncloud.org/about/security/advisories/oc-sa-2014-016/

Scores

EPSS 0.0022

EPSS Percentile 43.9%

Details

CWE

CWE-264

Status published

Products (19)

owncloud/owncloud < 5.0.15

owncloud/owncloud_server 5.0.0

owncloud/owncloud_server 5.0.1

owncloud/owncloud_server 5.0.2

owncloud/owncloud_server 5.0.3

owncloud/owncloud_server 5.0.4

owncloud/owncloud_server 5.0.5

owncloud/owncloud_server 5.0.6

owncloud/owncloud_server 5.0.7

owncloud/owncloud_server 5.0.8

... and 9 more

Published Jun 04, 2014

Tracked Since Feb 18, 2026