CVE-2014-3838

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.

Affected Software

Name	Vendor	Start Version	End Version
Owncloud	Owncloud	*	5.0.15 (including)
Owncloud	Owncloud	5.0.0 (including)	5.0.0 (including)
Owncloud	Owncloud	5.0.1 (including)	5.0.1 (including)
Owncloud	Owncloud	5.0.2 (including)	5.0.2 (including)
Owncloud	Owncloud	5.0.3 (including)	5.0.3 (including)
Owncloud	Owncloud	5.0.4 (including)	5.0.4 (including)
Owncloud	Owncloud	5.0.5 (including)	5.0.5 (including)
Owncloud	Owncloud	5.0.6 (including)	5.0.6 (including)
Owncloud	Owncloud	5.0.7 (including)	5.0.7 (including)
Owncloud	Owncloud	5.0.8 (including)	5.0.8 (including)
Owncloud	Owncloud	5.0.9 (including)	5.0.9 (including)
Owncloud	Owncloud	5.0.10 (including)	5.0.10 (including)
Owncloud	Owncloud	5.0.11 (including)	5.0.11 (including)
Owncloud	Owncloud	5.0.12 (including)	5.0.12 (including)
Owncloud	Owncloud	5.0.13 (including)	5.0.13 (including)
Owncloud	Owncloud	5.0.14 (including)	5.0.14 (including)
Owncloud	Owncloud	5.0.14-a (including)	5.0.14-a (including)
Owncloud	Ubuntu	saucy	*
Owncloud	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3838
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References