Dismissed
Permalink
CVE-2019-25337
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse removed package owncloud-client
- @LeSuisse dismissed
OwnCloud 8.1.8 - Username Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
References
- OwnCloud Official Homepage product
- OwnCloud Software Download Repository product
- VulnCheck Advisory: OwnCloud 8.1.8 - Username Disclosure third-party-advisory
- ExploitDB-47745 exploit
- ExploitDB-47745 exploit
- OwnCloud Official Homepage product
- OwnCloud Software Download Repository product
- VulnCheck Advisory: OwnCloud 8.1.8 - Username Disclosure third-party-advisory
Affected products
OwnCloud
- ==8.1.8