The Asset Pipeline in ownCloud 7.x prior to 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote malicious users to obtain sensitive information via a brute force attack.
Vulnerable Product |
---|
owncloud owncloud 7.0.0 |
owncloud owncloud 7.0.1 |
owncloud owncloud 7.0.2 |
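
The naming pattern in the description, set beside a content-derived alternative, with a regression check for whether the public file name varies with the install root. This is an added example, not ownCloud's code and not the fix shipped in 7.0.3; the function names, the newline-joined serialisation, the sample assets and the install roots are all assumptions made for illustration.

```python
import hashlib
import posixpath

# Constructed sample assets: relative path -> file contents (not ownCloud's real files).
ASSETS = {
    "core/css/styles.css": b"body { margin: 0; }\n",
    "core/js/app.js": b"console.log('ready');\n",
}


def path_derived_name(install_root, assets):
    """Pattern from the advisory: MD5 over the absolute paths of the source files.

    Assumption: paths are sorted and joined with newlines; the advisory does
    not state the exact serialisation.
    """
    absolute = sorted(posixpath.join(install_root, rel) for rel in assets)
    return hashlib.md5("\n".join(absolute).encode()).hexdigest()


def content_derived_name(install_root, assets):
    """Assumed alternative: SHA-256 over relative paths and file contents only.

    install_root is accepted but deliberately unused, so the public name
    cannot encode where the application is installed.
    """
    digest = hashlib.sha256()
    for rel in sorted(assets):
        # Length-prefix each field so adjacent fields cannot be confused.
        for field in (rel.encode(), assets[rel]):
            digest.update(len(field).to_bytes(8, "big"))
            digest.update(field)
    return digest.hexdigest()


def name_reveals_root(namer, assets, root_a, root_b):
    """Regression check: True if the public file name changes with the install root."""
    return namer(root_a, assets) != namer(root_b, assets)


if __name__ == "__main__":
    roots = ("/var/www/owncloud", "/srv/http/cloud")  # constructed example roots
    for namer in (path_derived_name, content_derived_name):
        print(namer.__name__, name_reveals_root(namer, ASSETS, *roots))
```

A name that depends only on relative paths and contents still changes when an asset changes, so it keeps its cache-busting role while carrying nothing about the server's filesystem layout.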