CVE-2016-1500
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
| Software | From | Fixed in |
|---|---|---|
| owncloud / owncloud | - | 7.0.11.x |
| owncloud / owncloud | 8.2.1 | 8.2.1.x |
| owncloud / owncloud | 8.2.0 | 8.2.0.x |
| owncloud / owncloud_server | 8.0.0 | 8.0.0.x |
| owncloud / owncloud_server | 8.0.2 | 8.0.2.x |
| owncloud / owncloud_server | 8.0.3 | 8.0.3.x |
| owncloud / owncloud_server | 8.0.4 | 8.0.4.x |
| owncloud / owncloud_server | 8.0.5 | 8.0.5.x |
| owncloud / owncloud_server | 8.0.6 | 8.0.6.x |
| owncloud / owncloud_server | 8.0.8 | 8.0.8.x |
| owncloud / owncloud_server | 8.0.9 | 8.0.9.x |
| owncloud / owncloud_server | 8.1.0 | 8.1.0.x |
| owncloud / owncloud_server | 8.1.1 | 8.1.1.x |
| owncloud / owncloud_server | 8.1.3 | 8.1.3.x |
| owncloud / owncloud_server | 8.1.4 | 8.1.4.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime