< go back to overview

Information disclosure in email field dialog at sharing

Platform: ownCloud Server

Versions: 8.1.11, 8.2.9, 9.0.7, 9.1.3,

Date: 2/2/2017

Risk level: Medium

CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CWE: Information Exposure (CWE-200)

Description

An attacker can get sensitive information in the E-Mail share dialog with the autocompletion by default

Affected Software

Action Taken

Add a new option for autocomplete E-Mail Share dialog

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

Share this