Insecure Direct Object References in Gallery

Risk level: Medium

CVSS v2 Base Score: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CWE: Insecure Direct Object References (CWE-932)

Description

ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled.

Affected Software

• ownCloud Server < 8.2.6 (CVE-2016-5876)
  • gallery/2e8f1f2509d15876ab09396dfe6c463aacdf5c5b
• ownCloud Server < 9.0.3 (CVE-2016-5876)
  • gallery/e3021ab6cc4e37eccb27eab6374722632c85eed7

Action Taken

The share token is verified.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

• Lukas Reschke – Vulnerability discovery and disclosure.