Platform: ownCloud Server
Risk level: Low
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
- ownCloud Server < 4.0.7 (CVE-2012-4390)
It is recommended that all instances are upgraded to ownCloud Server 4.0.7.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Florian Preinstorfer – Vulnerability discovery and disclosure.