Max Van Der Linden

**Name of the Vulnerable Software and Affected Versions** ownCloud version 10.7 **Description** The issue is related to an incorrect access control, leading to remote information disclosure. Due to a bug in the related API endpoint, an attacker can enumerate all users in a single request by entering three whitespaces. This could also cause higher than average load on a large instance. **Recommendations** For ownCloud version 10.7, consider restricting access to the affected API endpoint until a patch is available. As a temporary workaround, avoid using the API endpoint that allows user enumeration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.