MGASA-2016-0040
- Source
- https://advisories.mageia.org/MGASA-2016-0040.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0040.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0040
- Related
- Published
- 2016-01-29T11:02:50Z
- Modified
- 2016-01-29T10:54:04Z
- Summary
- Updated owncloud packages fix security vulnerability
- Details
-
A Cross-site scripting (XSS) vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting (CVE-2016-1498).
ownCloud Server before 8.0.10 allows remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php (CVE-2015-1499).
ownCloud Server before 8.0.10, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share (CVE-2016-1500).
- References
-
- https://advisories.mageia.org/MGASA-2016-0040.html
- https://bugs.mageia.org/show_bug.cgi?id=17620
- https://owncloud.org/security/advisory/?id=oc-sa-2016-001
- https://owncloud.org/security/advisory/?id=oc-sa-2016-002
- https://owncloud.org/security/advisory/?id=oc-sa-2016-003
- https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176017.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / owncloud
Package
- Name
- owncloud
- Purl
- pkg:rpm/mageia/owncloud?arch=source&distro=mageia-5