< go back to overview

Full installation path disclosure through error message

Platform: ownCloud Server

Versions: 8.0.9, 8.1.4,

Date: 1/6/2016

Risk level: Low

CVSS v2 Base Score: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CWE: Information Exposure Through Self-generated Error Message (CWE-210)

Description

ownCloud returns exception error messages to the user in two different places, allowing an authenticated adversary to gain information about the installation path of the ownCloud instance. There is no further information disclosure.

Affected Software

Action Taken

The vulnerable components have been adjusted to not leak the exception error message and thus not disclose the server installation path.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Md. Ishrat Shahriyar – Vulnerability discovery and disclosure.

Share this

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close