← Back

CVE-2015-5954

nvd nist
Published: Oct 21, 2015Modified: May 6, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:L/Au:S/C:P/I:N/A:N
Exploitability: 8.0 / Impact: 2.9
Source: NVD

Description

The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.

Affected (12)

Owncloud
2 products
Owncloud
Owncloud Server
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Owncloud
Up to 6.0.8
Owncloud
Owncloud Server
Version 7.0.0
Owncloud Server
Version 7.0.1
Owncloud Server
Version 7.0.2
Owncloud Server
Version 7.0.3
Owncloud Server
Version 7.0.4
Owncloud Server
Version 7.0.5
Owncloud Server
Version 7.0.6
Owncloud Server
Version 8.0.0
Owncloud Server
Version 8.0.2
Owncloud Server
Version 8.0.3
Owncloud Server
Version 8.0.4

References (4)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.