CVE-2023-24804

Name of the Vulnerable Software and Affected Versions ownCloud Android app versions prior to 3.0

Description The ownCloud Android app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. These bypasses may lead to information disclosure when uploading the app's internal files and to arbitrary file write when uploading plain text files, although this is limited by the .txt extension.

Recommendations For versions prior to 3.0, update to version 3.0 to fix the reported bypasses. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation. Avoid using the app to upload plain text files until the issue is resolved.