Description
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-013
Scores
EPSS
0.0030
EPSS Percentile
53.0%
Details
CWE
CWE-522
Status
published
Products (1)
owncloud/owncloud_client
< 3.4.4
Published
Oct 29, 2015
Tracked Since
Feb 18, 2026