Session fixation on password-protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload-only shares and list metadata about the share.

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.

ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.

Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the.