Owncloud Client
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Owncloud Client.
By the Year
In 2026 there have been 0 vulnerabilities in Owncloud Client. Owncloud Client did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.95 |
| 2022 | 2 | 6.15 |
| 2021 | 2 | 4.60 |
It may take a day or so for new Owncloud Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Owncloud Client Security Vulnerabilities
OwnCloud Android App <3.0 Path Traversal & File Write
CVE-2023-24804
4.4 - Medium
- February 13, 2023
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the apps internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.
Directory traversal
SQLi in ownCloud Android App (v2.21.1, 3.0)
CVE-2023-23948
5.5 - Medium
- February 13, 2023
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
SQL Injection
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
CVE-2022-25339
5.5 - Medium
- April 07, 2022
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
CVE-2022-25338
6.8 - Medium
- April 07, 2022
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
The ownCloud application before 2.15 for Android
CVE-2020-36248
4.6 - Medium
- February 19, 2021
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
Cleartext Storage of Sensitive Information
In the ownCloud application before 2.15 for Android, the lock protection mechanism
CVE-2020-36250
4.6 - Medium
- February 19, 2021
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
Inadequate Encryption Strength
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might
CVE-2015-5955
- October 29, 2015
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Owncloud Client or by ownCloud? Click the Watch button to subscribe.
