Vulnerability Name: | CVE-2014-3838 (CCN-93692) | ||||||||||||
Assigned: | 2014-05-18 | ||||||||||||
Published: | 2014-05-18 | ||||||||||||
Updated: | 2014-06-05 | ||||||||||||
Summary: | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts. | ||||||||||||
CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-264 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2014-3838 Source: CCN Type: oC-SA-2014-016 Improper authorization checks in core Source: CONFIRM Type: Vendor Advisory http://owncloud.org/about/security/advisories/oc-sa-2014-016/ Source: CCN Type: BID-68059 ownCloud CVE-2014-3838 Authorization Security Bypass Vulnerability Source: XF Type: UNKNOWN owncloud-cve20143838-sec-bypass(93692) Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-3838 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |