The user_openid app in ownCloud Server prior to 5.0.15 allows remote malicious users to obtain access by leveraging an insecure OpenID implementation.
owncloud owncloud