– Platform: ownCloud Server
– Risk: Medium
– CVSS v3 Base Score: 6.8
– CVSS v3 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
– CWE ID: 648
– CWE Name: Incorrect Use of Privileged APIs
An authenticated attacker can access all versions of all files (even unshared ones) as soon
as the owner of said files has at least one outgoing share with the attacker.
The attacker needs to guess a file-id, which is numeric and sequential.
– owncloud/core >= v10.0.9
– owncloud/core < v10.3.1
Disable the files_versions app by executing ‘occ app:disable files_versions’
As the vulnerability is a result of incorrect usage of privileged APIs, all usages in owncloud-server of said
APIs are being reviewed and replaced with less privileged versions where necessary.
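The bug class described above (CWE-648), as an added example: a simplified Python model, not ownCloud's code, that contrasts a version lookup built on a privileged resolver with one scoped to the requesting user. All class, function and user names are hypothetical, and the sample data is constructed.

```python
# Simplified model of the flaw the advisory describes; not ownCloud's code.
# Every name here is hypothetical and the sample data is constructed.
from dataclasses import dataclass


@dataclass
class Store:
    owner_of: dict   # file_id -> owner
    versions: dict   # file_id -> list of version labels
    shares: set      # (owner, recipient, file_id)

    def privileged_get(self, file_id):
        """System-level lookup: resolves any file id, with no user context."""
        return self.owner_of.get(file_id), self.versions.get(file_id, [])

    def user_view_get(self, user, file_id):
        """User-scoped lookup: only files the user owns or has been given."""
        owner = self.owner_of.get(file_id)
        if owner == user or (owner, user, file_id) in self.shares:
            return self.versions.get(file_id, [])
        return None


def list_versions_flawed(store, requester, file_id):
    # Flaw: the privileged API resolves the id, and the check that follows
    # only asks whether the owner shares *anything* with the requester.
    owner, versions = store.privileged_get(file_id)
    if owner is None:
        raise PermissionError("not found")
    if owner == requester or any(
        o == owner and r == requester for o, r, _ in store.shares
    ):
        return versions
    raise PermissionError("forbidden")


def list_versions_scoped(store, requester, file_id):
    # Hardened: resolve the id through the requester's own view, so an id
    # outside that view looks the same as a file that does not exist.
    versions = store.user_view_get(requester, file_id)
    if versions is None:
        raise PermissionError("not found")
    return versions


# Constructed sample: alice shares file 101 with bob; file 102 is unshared.
STORE = Store(
    owner_of={101: "alice", 102: "alice", 201: "carol"},
    versions={101: ["v1", "v2"], 102: ["v1", "v2", "v3"], 201: ["v1"]},
    shares={("alice", "bob", 101)},
)
```

The flawed variant returns the versions of the unshared file 102 to bob because alice shares file 101 with him; the scoped variant refuses the same request.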