Affected configuration(s):
cpe:/a:owncloud:owncloud:6.0.0
cpe:/a:owncloud:owncloud:6.0.1
cpe:/a:owncloud:owncloud:6.0.2
Date published: 2014-06-04T10:55:04.637-04:00
Date last modified: 2014-06-04T15:10:50.603-04:00
CVSS Score: 7.5
Principal attack vector: NETWORK
Complexity: LOW
Reference URL: http://owncloud.org/about/security/advisories/oc-sa-2014-011/
Summary: ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.