Users can mount the local filesystem
Platform: ownCloud Server
Versions: 5.0.15, 6.0.2,
Risk level: High
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the files_external app to be enabled.
- ownCloud Server < 6.0.2 ()
- ownCloud Server < 5.0.15 ()
It is recommended that all instances are upgraded to ownCloud Server 6.0.2 or 5.0.15.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (firstname.lastname@example.org) – Vulnerability discovery and disclosure.