CVE-2016-5876

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-5876
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5876.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5876
Published
2017-01-23T21:59:01.860Z
Modified
2026-04-10T03:52:02.849071Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

References

Affected packages

Git / github.com/owncloud/core

Affected ranges

Type
GIT
Repo
https://github.com/owncloud/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5bb7743f8789a01902c64ded1fde0e5d9d664844
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
81f694d83e8246d9b6482b773c8bdca675c51828
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
54fc92c37233d248de8da842352c43dffdfc5f8d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e13d02de2d5d260720b63f3f9ffe87b5aa0dd6c4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.2"
        }
    ]
}

Affected versions

v1.*
v1.0.0beta1
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2.0
v8.2.1
v8.2.1RC1
v8.2.1RC2
v8.2.1RC3
v8.2.1RC4
v8.2.2
v8.2.2RC1
v8.2.3
v8.2.3RC1
v8.2.3RC2
v8.2.4
v8.2.4RC1
v8.2.4RC2
v8.2.5
v8.2.5RC1
v8.2.5RC2
v8.2RC1
v8.2RC2
v8.2RC3
v8.2beta1
v9.*
v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0beta1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5876.json"