4.9

CVE-2015-4715

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OwncloudOwncloud Version < 6.0.8
OwncloudOwncloud Server Version >= 7.0.0 < 7.0.6
OwncloudOwncloud Server Version >= 8.0.0 < 8.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://www.securityfocus.com/bid/76158
Third Party Advisory
VDB Entry
https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a
Patch
Third Party Advisory
https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/
Vendor Advisory
https://owncloud.org/security/advisory/?id=oc-sa-2015-005
Vendor Advisory