An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. Hit to this signature may indicate a possible attempt to access ownCloud instance using admin privileges, using pre-signed URL, by exploiting this vulnerability. If no signing-key is configured in ownCloud or access using pre-signed URL is unexpected then consider blocking this signature. |