CVE-2015-5955

Published Oct 29, 2015

Last updated 3 years ago

Overview

Description: ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F80677C4-616C-44A3-AA94-BB69E4717496",
            "versionEndExcluding": "3.4.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References