CVE-2012-5336

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.0.8

Description The issue is related to improper validation of the user id session variable in lib/base.php, allowing remote authenticated users to read arbitrary files via vectors related to WebDAV.

Recommendations For versions prior to 4.0.8, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebDAV functionality until the update is applied.