Skip to main content

Owncloud Server CVE-2014-2585

MEDIUM
Improper Input Validation (CWE-20)
2014-03-24 cve@mitre.org
4.9
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:P/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 24, 2014 - 16:35 cve.org
MEDIUM 4.9

DescriptionCVE.org

ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.

AnalysisAI

ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. Affected products include: Owncloud Owncloud Server. Version information: before 5.0.15.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-2044 HIGH POC
7.5 Oct 06

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote aut

CVE-2023-49105 CRITICAL POC
9.8 Nov 21

An issue was discovered in ownCloud owncloud/core before 10.13.1. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2015-4716 CRITICAL
10.0 Oct 21

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when

CVE-2012-2270 MEDIUM POC
5.8 Apr 20

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redire

CVE-2016-1499 HIGH POC
8.5 Jan 08

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sen

CVE-2012-4392 HIGH POC
7.5 Sep 05

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass auth

CVE-2012-4389 MEDIUM POC
6.8 Sep 05

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitr

CVE-2012-4393 MEDIUM POC
6.8 Sep 05

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the

CVE-2013-1942 MEDIUM POC
4.3 Aug 15

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf)

CVE-2015-7699 CRITICAL
9.0 Oct 26

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authent

CVE-2015-4718 CRITICAL
9.0 Oct 21

The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remot

CVE-2013-0303 MEDIUM
6.5 Mar 24

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote a

Share

CVE-2014-2585 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy