Nixpkgs security tracker

Untriaged

Permalink CVE-2019-25337

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

OwnCloud 8.1.8 - Username Disclosure

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.

References

ExploitDB-47745 exploit
OwnCloud Official Homepage product
OwnCloud Software Download Repository product
VulnCheck Advisory: OwnCloud 8.1.8 - Username Disclosure third-party-advisory

Affected products

OwnCloud

==8.1.8

Matching in nixpkgs

pkgs.owncloud-client

Synchronise your ownCloud with your computer using this desktop client

nixos-unstable 5.3.2
- nixpkgs-unstable 6.0.3
- nixos-unstable-small 6.0.3
nixos-25.11 5.3.2
- nixos-25.11-small 5.3.2
- nixpkgs-25.11-darwin 5.3.2

Package maintainers

@qknight Joachim Schiele <js@lastlog.de>
@hellwolf Miao, ZhiCheng <zhicheng.miao@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.owncloud-client

Package maintainers