Users can mount the local filesystem
Platform: ownCloud Server
Risk level: High
Due to an insufficient permission check authenticated users are able to access preview pictures of others users.
- ownCloud Server < 6.0.1 ()
It is recommended that all instances are upgraded to ownCloud Server 6.0.2.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (email@example.com) – Vulnerability discovery and disclosure.