CVE-2016-1500

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-1500
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1500.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1500
Published
2016-01-08T21:59:08Z
Modified
2024-09-03T02:35:25.358904Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

References

Affected packages

Git / github.com/owncloud/core

Affected versions

v1.*

v1.0.0beta1
v1.0RC1
v1.1

v2.*

v2.0beta3

v3.*

v3.0
v3.0RC1
v3.0alpha1

v4.*

v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta1
v4.5.0beta2
v4.5.0beta3
v4.5.0beta4

v5.*

v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2

v6.*

v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5

v7.*

v7.0.0alpha2
v7.0.0beta1

v8.*

v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.0.1
v8.0.1RC1
v8.0.2
v8.0.3
v8.0.3RC1
v8.0.3RC2
v8.0.3RC3
v8.0.3RC4
v8.0.4
v8.0.4RC1
v8.0.4RC2
v8.0.5
v8.0.5RC1
v8.0.5beta
v8.0.6
v8.0.6RC1
v8.0.6beta1
v8.0.7
v8.0.7RC1
v8.0.8
v8.1.0
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1.1
v8.1.1RC1
v8.1.1beta
v8.1.1beta1
v8.1.2
v8.1.2RC1
v8.1.3
v8.1RC2
v8.2.0
v8.2RC1
v8.2RC2
v8.2RC3
v8.2beta1