CVE-2016-1500

Publication date 8 January 2016

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

3.1 · Low

Score breakdown

Description

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

Read the notes from the security team

Status

Package Ubuntu Release Status
owncloud 15.10 wily Not in release
15.04 vivid Not in release
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected

Notes

mdeslaur

owncloud packages in Ubuntu are now empty

Severity score breakdown

Parameter Value
Base score 3.1 · Low
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References

Other references