CVE-2015-5955

Published: Oct 29, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.

Affected (1)

Products: Owncloud: Owncloud Client

Owncloud

1 product

Owncloud Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud Client	Before 3.4.4

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://owncloud.org/security/advisory/?id=oc-sa-2015-013

Source: cve@mitre.org

Broken LinkVendor Advisory

https://owncloud.org/security/advisory/?id=oc-sa-2015-013

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.