| Vulnerability Name: | CVE-2014-3834 (CCN-93678) | ||||||||||||
| Assigned: | 2014-05-18 | ||||||||||||
| Published: | 2014-05-18 | ||||||||||||
| Updated: | 2014-06-04 | ||||||||||||
| Summary: | ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3834 Source: CCN Type: OwnCloud Web site ownCloud.org -Your Cloud, Your Data, Your Way! Source: CCN Type: oC-SA-2014-011 Improper authorization checks in contacts (oC-SA-2014-011) - ownCloud.org Source: CONFIRM Type: Vendor Advisory http://owncloud.org/about/security/advisories/oc-sa-2014-011/ Source: CCN Type: oC-SA-2014-013 Improper authorization checks in documents (oC-SA-2014-013)- ownCloud.org Source: CONFIRM Type: Vendor Advisory http://owncloud.org/about/security/advisories/oc-sa-2014-013/ Source: CCN Type: BID-68196 ownCloud CVE-2014-3834 Security Bypass Vulnerability Source: XF Type: UNKNOWN owncloud-cve20143834-sec-bypass(93678) Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-3834 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||