CVE-2015-4715

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "name": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/76158", "name": "http://www.securityfocus.com/bid/76158", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "name": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-552"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-4715", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}}, "publishedDate": "2020-02-17T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.0.8"}, {"cpe23Uri": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.0.6", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-02-28T19:31Z"}