CVE-2014-3835 - OpenCVE

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Owncloud	Owncloud

Configuration 1 [-]

OR	cpe:2.3:a:owncloud:owncloud:6.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:6.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:6.0.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:owncloud:owncloud::::::::
	cpe:2.3:a:owncloud:owncloud:5.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.4:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.5:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.6:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.7:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.8:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.9:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.10:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.11:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.12:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.13:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.14:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.14:a::::::

No data.

References

Link	Providers
http://owncloud.org/about/security/advisories/oc-sa-2014-012/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-04T14:00:00

Updated: 2024-08-06T10:57:18.008Z

Reserved: 2014-05-22T00:00:00

Link: CVE-2014-3835

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-06-04T14:55:04.700

Modified: 2014-06-05T11:10:03.977

Link: CVE-2014-3835

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-04T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/", "refsource": "CONFIRM", "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:18.008Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3835", "datePublished": "2014-06-04T14:00:00", "dateReserved": "2014-05-22T00:00:00", "dateUpdated": "2024-08-06T10:57:18.008Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BA20301-F66D-40C3-8E61-D37867C54429", "versionEndIncluding": "5.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "43448288-B129-4210-9680-55836869F09F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*", "matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."}, {"lang": "es", "value": "ownCloud Server anterior a 5.0.16 y 6.0.x anterior a 6.0.3 no comprueba permisos a la aplicaci\u00f3n files_external, lo que permite a usuarios remotos autenticados a\u00f1adir almacenaje externo a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-3835", "lastModified": "2014-06-05T11:10:03.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-04T14:55:04.700", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}