ownCloud Android app vulnerable to Path Traversal
CVE-2023-24804

4.4MEDIUM

Key Information:

Vendor

Owncloud

Status
Android
Vendor
CVE Published:
13 February 2023

What is CVE-2023-24804?

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android < 3.0

References

https://securitylab.github.com/advisories/GHSL-2022-059_G...
x_refsource_CONFIRM
https://hackerone.com/reports/377107
x_refsource_MISC
https://owncloud.com/security-advisories/oc-sa-2023-001/
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.