CVE-2019-25337

Name of the Vulnerable Software and Affected Versions OwnCloud version 8.1.8

Description The software contains a flaw that allows remote attackers to discover user accounts. This is achieved by manipulating the share.php endpoint. Attackers can send specially crafted GET requests to the /index.php/core/ajax/share.php API endpoint, utilizing a wildcard search parameter to obtain comprehensive user information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.