File Disclosure Vulnerability in ownCloud Server

File Disclosure Vulnerability in ownCloud Server

CVE-2016-1500 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

Learn more about our Cis Benchmark Audit For Server Software.