ownCloud server 9.1.3User enumeration with error messages
Information disclosure in email field dialog at sharing
Flooding logfiles with a 1 Bit BMP File
ownCloud desktop 2.2.3Local Code Injection
ownCloud mobile iOS 3.4.4Improper validation of certificates within the iOS application
Credentials potentially leaked to other configured ownCloud instance
Open redirector (oC-SA-2013-022)
14th May 2013
Risk level: Low
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
- ownCloud Server < 5.0.6 (CVE-2013-2044)
It is recommended that all instances are upgraded to ownCloud Server 5.0.6.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Mateusz Goik - AliantSoft - Vulnerability discovery and disclosure.