Multiple SQL injection (oC-SA-2013-019)
14th May 2013
Risk level: High
ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php, which allows an authenticated attacker to execute arbitrary SQL commands. (CVE-2013-2045)
ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the SQL query in lib/bookmarks.php, which allows an authenticated attacker to execute arbitrary SQL commands. (CVE-2013-2046)
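Both CVEs are the same defect: user-supplied text is spliced into the SQL string, so quote characters in the input change the query. The following is an added illustration, not code from ownCloud or from the advisory; it is written in Python against an in-memory SQLite table (ownCloud itself is PHP, but the failure and the fix are language-independent). The table, rows and `bookmarks` column names are constructed for the example and are not ownCloud's schema; the two functions show the concatenating pattern beside the bound-parameter form that neutralizes special elements.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a bookmarks table (not ownCloud's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookmarks (id INTEGER PRIMARY KEY, user_id TEXT, url TEXT)")
    conn.executemany(
        "INSERT INTO bookmarks (user_id, url) VALUES (?, ?)",
        [
            ("alice", "https://example.org/a"),
            ("alice", "https://example.org/b"),
            ("bob", "https://example.org/c"),
        ],
    )
    return conn


def bookmarks_concatenated(conn, user_id):
    """Vulnerable pattern: the query text is built by string concatenation, so a
    quote character in user_id terminates the literal and the rest of the input
    is parsed as SQL (the 'special elements not neutralized' case in the advisory)."""
    sql = "SELECT url FROM bookmarks WHERE user_id = '" + user_id + "'"
    return [row[0] for row in conn.execute(sql)]


def bookmarks_bound(conn, user_id):
    """Fixed pattern: user_id travels as a bound parameter. The SQL text is fixed
    at the call site and the driver supplies the value as data, so quotes in the
    input can never alter the statement."""
    sql = "SELECT url FROM bookmarks WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def row_counts_for(user_id):
    """Return (concatenated_count, bound_count) for one input, to compare the two forms."""
    conn = make_db()
    return len(bookmarks_concatenated(conn, user_id)), len(bookmarks_bound(conn, user_id))


if __name__ == "__main__":
    # A well-formed user id behaves identically in both forms.
    print("alice:", row_counts_for("alice"))
    # A constructed input containing a quote: the concatenated form returns every
    # user's rows because the WHERE clause was rewritten; the bound form returns
    # nothing because no user_id equals that literal string.
    print("quote input:", row_counts_for("x' OR '1'='1"))
```

Review of existing code for this class of bug is mechanical: any query whose text is assembled with string concatenation or interpolation from request data needs to become a prepared statement with bound parameters, as the fixed function shows; escaping helpers are a weaker substitute because they must be applied correctly at every call site.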
Affected software:
- ownCloud Server < 5.0.6 (CVE-2013-2045)
- ownCloud Server < 4.5.11 (CVE-2013-2046)
It is recommended that all instances are upgraded to ownCloud Server 5.0.6, 4.5.11 or 4.0.15.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Mateusz Goik - AliantSoft - Vulnerability discovery and disclosure.