lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Owncloud |
|
Configuration 1 [-]
|
No data.
References
| Link | Providers |
|---|---|
| http://owncloud.org/about/security/advisories/CVE-2012-5336/ |
|
History
Mon, 31 Mar 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Owncloud owncloud Server
|
|
| CPEs | cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:* |
| Vendors & Products |
Owncloud owncloud Server
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T21:05:47.232Z
Reserved: 2012-10-08T00:00:00
Link: CVE-2012-5336
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-06-04T14:55:03.577
Modified: 2025-04-12T10:46:40.837
Link: CVE-2012-5336
Redhat
No data.