CVE-2023-24804 MEDIUM

CVE-2023-24804: ownCloud Android app vulnerable to Path Traversal

Vendor Owncloud

Product Android

Weakness CWE-22 · Path traversal

Published February 13, 2023

Last update March 10, 2025

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.

Key dates

02Disclosure timeline

February 13, 2023 CVE published

March 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-24804 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html

Related vulnerabilities

CVE-2023-24804: ownCloud Android app vulnerable to Path Traversal

01Description

02Disclosure timeline

03References

04Related CVE