CVE-2017-5865
Published Mar 3, 2017
Last updated 8 years ago
Overview
- Description
- The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 3.7
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E2EB67F-2620-434E-9AB5-45293C019F3F",
"versionEndIncluding": "8.1.10"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C35E22D-36A5-495B-8611-7C8B70064A2E"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FBDBB20-B519-4683-BB16-63A25AE53D7E"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AD973F-F06D-46C9-85EB-3521899A257B"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8098FF20-D5EA-4F72-A837-0CE7B9761974"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0930807A-BA26-4AFF-9B52-EC2EAF5A456D"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F81CD71B-7D08-485B-9042-D4CE523FEE80"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25185B4F-623B-45F5-97C3-A520C96B6CA6"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F31B84D-7A81-426C-8C91-BF86087ED657"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8CF3111-74DA-4644-9318-4D5CC6FBD1CC"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D52C26E1-C1A1-4834-84C5-C4403E1734D2"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "377EE3A2-8105-4448-AB9E-C703513CA6CD"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECEB63FC-724C-4FA5-A998-4549A2460A92"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E74BD31-5BD3-40FE-93BA-CAE23DA681B2"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32D138CF-6623-4E1E-97DC-6DD96FE62C1E"
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "578DA4AF-C61B-4796-B5BF-89701D3FB8CB"
}
],
"operator": "OR"
}
]
}
]