Enumeration of shared files in documents
Platform: ownCloud Server
Risk level: Low
Because the documents app used the auto-incrementing file_id instead of the randomly generated token to access files, an authenticated user could enumerate shared files of other users.
- ownCloud Server < 6.0.3 (CVE-2014-3837)
We replaced the usage of file_id with our randomly generated file sharing token.
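The difference between the two lookups, as an added example that is not ownCloud's code: `ShareStore`, `open_by_id`, `open_by_token`, `reachable_without_grant` and the file names are hypothetical, and the sample data is constructed. It can serve as a regression check that a caller cannot open records whose handle was never given to them.

```python
import secrets


class ShareStore:
    """In-memory stand-in for a share table (constructed sample data)."""

    def __init__(self):
        self._files = {}    # file_id -> (owner, name)
        self._tokens = {}   # token -> file_id
        self._next_id = 1   # auto-incrementing, therefore predictable

    def share(self, owner, name):
        file_id = self._next_id
        self._next_id += 1
        token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._files[file_id] = (owner, name)
        self._tokens[token] = file_id
        return file_id, token

    def open_by_id(self, file_id):
        """Before the fix: the handle is the sequential file_id."""
        entry = self._files.get(file_id)
        return entry[1] if entry else None

    def open_by_token(self, token):
        """After the fix: the handle is the random sharing token."""
        file_id = self._tokens.get(token)
        return self._files[file_id][1] if file_id is not None else None


def reachable_without_grant(lookup, handles, granted_names):
    """Names that resolve from the given handles but were never shared with the caller."""
    hits = {lookup(h) for h in handles} - {None}
    return hits - set(granted_names)


def demo():
    store = ShareStore()
    store.share("alice", "alice-budget.odt")
    _, bob_token = store.share("bob", "bob-notes.odt")
    granted = ["bob-notes.odt"]  # bob holds only his own share
    by_id = reachable_without_grant(store.open_by_id, range(1, 100), granted)
    # With tokens, counting through small integers resolves nothing.
    handles = [str(i) for i in range(1, 100)] + [bob_token]
    by_token = reachable_without_grant(store.open_by_token, handles, granted)
    return by_id, by_token
```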
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (firstname.lastname@example.org) – Vulnerability discovery and disclosure.