ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
{
"unresolved_ranges": [
{
"source": "CPE_STRING",
"vendor_product": "owncloud:owncloud",
"extracted_events": [
{
"introduced": "8.2.0"
},
{
"last_affected": "8.2.0"
}
],
"cpes": [
"cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:owncloud:owncloud_server:8.1.4:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.11"
},
{
"introduced": "8.2.0"
},
{
"last_affected": "8.2.0"
},
{
"introduced": "8.2.1"
},
{
"last_affected": "8.2.1"
},
{
"introduced": "8.0.0"
},
{
"last_affected": "8.0.0"
},
{
"introduced": "8.0.2"
},
{
"last_affected": "8.0.2"
},
{
"introduced": "8.0.3"
},
{
"last_affected": "8.0.3"
},
{
"introduced": "8.0.4"
},
{
"last_affected": "8.0.4"
},
{
"introduced": "8.0.5"
},
{
"last_affected": "8.0.5"
},
{
"introduced": "8.0.6"
},
{
"last_affected": "8.0.6"
},
{
"introduced": "8.0.8"
},
{
"last_affected": "8.0.8"
},
{
"introduced": "8.0.9"
},
{
"last_affected": "8.0.9"
},
{
"introduced": "8.1.0"
},
{
"last_affected": "8.1.0"
},
{
"introduced": "8.1.1"
},
{
"last_affected": "8.1.1"
},
{
"introduced": "8.1.3"
},
{
"last_affected": "8.1.3"
},
{
"introduced": "8.1.4"
},
{
"last_affected": "8.1.4"
}
]
}