HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2016-1499

CVSS 8.5v3.0pub. 2016-01-08upd. 2026-05-06

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
  • Owncloud

    APP
    Owncloud
    8.2.08.2.1≤ 8.0.9
  • Owncloud Server

    APP
    Owncloud
    8.1.08.1.18.1.38.1.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2023-49105CRITICAL9.8PL ✓ten sam produkt

OwnCloud: Pominięcie uwierzytelniania przez pre-signed URL (WebDAV API)

CVE-2021-35946CRITICAL9.8ten sam produkt

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the...

CVE-2020-28645CRITICAL9.1ten sam produkt

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow us...

CVE-2014-2052CRITICAL9.8ten sam produkt

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...

CVE-2014-2048CRITICAL9.8ten sam produkt

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an...