Owncloud


reports in last 90 days

75 disclosed resolved issues

6 disclosed informative issues

1 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Rating | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Critical | Remote Code Execution through Deserialization Attack in OwnBackup app. | Deserialization of Untrusted Data | q3rv0 | Issue was not triaged; Time to close: 0 Days and 12 hours | Informative |
| Low | Password Complexity Not Enforced On Password Change | Violation of Secure Design Principles | wdem | Time to triage: 35 Days and 19 hours; Time to close: 78 Days and 3 hours | Resolved |
| No rating | Banner Grabbing - Apache Server Version Disclosure | Information Disclosure | cybertiger | Issue was not triaged; Time to close: 2 Days and 21 hours | Resolved |
| No rating | owncloud.com open redirect | Open Redirect | niced4y | Issue was not triaged; Time to close: 0 Days and 15 hours | Informative |
| No rating | This is not the security issue. | None supplied | utkarsh123 | Issue was not triaged; Time to close: 3 Days and 12 hours | Informative |
| Medium | HTML Injection in Owncloud | Resource Injection | sinkmanu | Issue was not triaged; Time to close: 102 Days and 14 hours | Resolved |
| High | doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) | None supplied | js_whitehat | Issue was not triaged; Time to close: 39 Days and 3 hours | Resolved |
| Low | HTML injection in Desktop Client | Cross-site Scripting (XSS) - Generic | lukasreschke | Issue was not triaged; Time to close: 25 Days and 1 hours | Resolved |
| Low | password reset email spamming | Improper Access Control - Generic | xifengweiyu | Issue was not triaged; Time to close: 18 Days and 20 hours | Not-applicable |
| Low | bug reporting template encourages users to paste config file with passwords | Information Disclosure | hanno | Issue was not triaged; Time to close: 101 Days and 12 hours | Resolved |
| Low | User Information Disclosure via REST API | Information Disclosure | alykode | Time to triage: 0 Days and 21 hours; Time to close: 6 Days and 0 hours | Resolved |
| No rating | SMB User Authentication Bypass and Persistence | Improper Authentication - Generic | rhinosecuritylabs | Time to triage: 2 Days and 4 hours; Time to close: 114 Days and 22 hours | Resolved |
| No rating | Outdated Jenkins server hosted at OwnCloud.org | Information Disclosure | ak_1337 | Issue was not triaged; Time to close: 17 Days and 4 hours | Resolved |
| No rating | Stored xss | Cross-site Scripting (XSS) - Generic | twi0x00tter | Issue was not triaged; Time to close: 48 Days and 16 hours | Duplicate |
| No rating | Arbitrary Code Injection in ownCloud’s Windows Client | Command Injection - Generic | fbogner | Issue was not triaged; Time to close: 17 Days and 0 hours | Resolved |
| No rating | [doc.owncloud.org] CRLF Injection | None supplied | bobrov | Issue was not triaged; Time to close: 8 Days and 7 hours | Resolved |
| No rating | [api.owncloud.org] CRLF Injection | None supplied | bobrov | Issue was not triaged; Time to close: 21 Days and 7 hours | Resolved |
| No rating | Accessible Htaccess | Information Disclosure | dhanunjaya | Issue was not triaged; Time to close: 0 Days and 12 hours | Resolved |
| No rating | ownCloud 2.2.2.6192 DLL Hijacking Vulnerability | Code Injection | lionheartrox | Time to triage: 3 Days and 2 hours; Time to close: 44 Days and 3 hours | Resolved |
| No rating | [forum.owncloud.org] IE, Edge XSS via Request-URI | Cross-site Scripting (XSS) - Generic | bobrov | Issue was not triaged; Time to close: 34 Days and 4 hours | Resolved |
| No rating | Open Redirector via (apps/files_pdfviewer) for un-authenticated users. | Open Redirect | penrose | Time to triage: 0 Days and 0 hours; Time to close: 18 Days and 19 hours | Resolved |
| No rating | doc.owncloud.com: PHP info page disclosure | Information Disclosure | pseekamp | Time to triage: 0 Days and 3 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | Cross site scripting in apps.owncloud.com | Cross-site Scripting (XSS) - Generic | kalihat007 | Time to triage: 0 Days and 0 hours; Time to close: 1 Days and 21 hours | Resolved |
| No rating | doc.owncloud.org: XSS via Referrer | Cross-site Scripting (XSS) - Generic | sandh0t | Issue was not triaged; Time to close: 0 Days and 8 hours | Informative |
| No rating | doc.owncloud.org: X-XSS-Protection not enabled | Cross-site Scripting (XSS) - Generic | nehalh13 | Time to triage: 0 Days and 0 hours; Time to close: 2 Days and 23 hours | Resolved |