CVE-2014-5341

owncloud < 6.0.4 - Exposure of Sensitive Information via SFTP External Storage Driver

Title source: llm
STIX 2.1

Description

The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2014-019

Scores

EPSS 0.0025
EPSS Percentile 48.3%

Details

CWE
CWE-200
Status published
Products (1)
owncloud/owncloud < 6.0.4
Published Feb 04, 2015
Tracked Since Feb 18, 2026