CVE-2015-4715

Published: Feb 17, 2020Modified: Mar 31, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Affected (3)

Products: Owncloud: Owncloud, Owncloud Server

2 products

Owncloud Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud	Before 6.0.8
Owncloud Owncloud Server	From 7.0.0 to 7.0.6
Owncloud Owncloud Server	From 8.0.0 to 8.0.4

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (8)

http://www.securityfocus.com/bid/76158

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a

Source: cve@mitre.org

PatchThird Party Advisory

https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/

Source: cve@mitre.org

Vendor Advisory

https://owncloud.org/security/advisory/?id=oc-sa-2015-005

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/76158

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://owncloud.org/security/advisory/?id=oc-sa-2015-005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.