CVE-2015-7699

Published Oct 26, 2015

Last updated 9 years ago

Overview

Description: The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References