Vulnerability Name:

CCN-83406

Published:2013-04-11
Updated:2013-04-11
Summary:ownCloud could allow a local attacker to download arbitrary files, caused by improper validation of user-supplied input by SabreDAV. A remote attacker could exploit this vulnerability usingusing backslash characters (..\) to download arbitrary files from the system.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: oss-sec mailing list, Thu, 11 Apr 2013 15:45:30 +0200
ownCloud Security Advisories (2013-014, 2013-015, 2013-016)

Source: CCN
Type: SA52986
ownCloud Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
owncloud-cve20131939-file-disclosure(83406)

Source: CCN
Type: ownCloud Web site
ownCloud | Your Cloud, Your Data, Your Way!

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1939

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    owncloud owncloud 5.0.3
    owncloud owncloud 4.5.8
    owncloud owncloud 4.0.13