CVE-2015-5954
ownCloud Server <6.0.9, 7.0.x <7.0.7, 8.0.x <8.0.5 - Privilege Esca...
Title source: llmDescription
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.
References (2)
Core 2
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3373
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-011
Scores
EPSS
0.0010
EPSS Percentile
28.0%
Details
Status
published
Products (12)
owncloud/owncloud
< 6.0.8
owncloud/owncloud_server
7.0.0
owncloud/owncloud_server
7.0.1
owncloud/owncloud_server
7.0.2
owncloud/owncloud_server
7.0.3
owncloud/owncloud_server
7.0.4
owncloud/owncloud_server
7.0.5
owncloud/owncloud_server
7.0.6
owncloud/owncloud_server
8.0.0
owncloud/owncloud_server
8.0.2
... and 2 more
Published
Oct 21, 2015
Tracked Since
Feb 18, 2026