Information Exposure in ownCloud Server by ownCloud
CVE-2016-1499

8.5HIGH

Key Information:

Vendor

Owncloud

Status
Owncloud
Vendor
CVE Published:
8 January 2016

What is CVE-2016-1499?

The vulnerability found in ownCloud Server allows remote authenticated users to access sensitive directory listings, potentially leading to unauthorized information disclosure. This issue can be exploited using the 'force' parameter in the index.php/apps/files/ajax/scan.php endpoint, which may also result in elevated CPU usage, leading to a denial of service condition. Versions of ownCloud prior to 8.0.10, 8.1.5, and 8.2.2 are at risk.

References

http://www.securityfocus.com/archive/1/537244/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...
x_refsource_MISC
http://packetstormsecurity.com/files/135158/ownCloud-8.2....
x_refsource_MISC

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.