4.3

CVE-2017-5865

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
Data provided by the National Vulnerability Database (NVD)
Owncloud Owncloud Version <= 8.1.10
Owncloud Owncloud Version 8.2.2
Owncloud Owncloud Version 8.2.3
Owncloud Owncloud Version 8.2.4
Owncloud Owncloud Version 8.2.5
Owncloud Owncloud Version 8.2.6
Owncloud Owncloud Version 8.2.7
Owncloud Owncloud Version 8.2.8
Owncloud Owncloud Version 9.0.0
Owncloud Owncloud Version 9.0.1
Owncloud Owncloud Version 9.0.2
Owncloud Owncloud Version 9.0.3
Owncloud Owncloud Version 9.0.4
Owncloud Owncloud Version 9.0.5
Owncloud Owncloud Version 9.0.6
Owncloud Owncloud Version 9.1.0
Owncloud Owncloud Version 9.1.1
Owncloud Owncloud Version 9.1.2
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.2% 0.394
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9 AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.