本頁列出影響 owncloud owncloud_client 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-24804 | The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses. | [email protected] | 5.0 | 0.52% | 2023-02-13 | 2026-06-17 |
| CVE-2023-23948 | The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | [email protected] | 6.2 | 0.46% | 2023-02-13 | 2026-06-17 |
| CVE-2022-25339 | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | [email protected] | 5.5 | 0.21% | 2022-04-07 | 2026-06-17 |
| CVE-2022-25338 | ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | [email protected] | 6.8 | 0.24% | 2022-04-07 | 2026-06-17 |
| CVE-2020-36248 | The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | [email protected] | 3.9 | 0.14% | 2021-02-19 | 2026-06-16 |
| CVE-2020-36250 | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | [email protected] | 6.1 | 0.26% | 2021-02-19 | 2026-06-16 |
| CVE-2015-5955 | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | [email protected] | 5.0 | 1.09% | 2015-10-29 | 2026-06-16 |