Candidate: CVE-2015-4715
PublicDate: 2020-02-17 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4715
 https://owncloud.org/security/advisory/?id=oc-sa-2015-005
Description:
 The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud
 Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an
 external Dropbox storage has been mounted, allows remote administrators of
 Dropbox.com to read arbitrary files via an @ (at sign) character in
 unspecified POST values.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Lukas Reschke
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N [4.9 MEDIUM]

Patches_php-dropbox:
upstream_php-dropbox: released (1.0.0-4)
precise_php-dropbox: DNE
precise/esm_php-dropbox: DNE
trusty_php-dropbox: ignored (reached end-of-life)
trusty/esm_php-dropbox: DNE (trusty was needed)
vivid_php-dropbox: ignored (reached end-of-life)
vivid/stable-phone-overlay_php-dropbox: DNE
vivid/ubuntu-core_php-dropbox: DNE
wily_php-dropbox: ignored (reached end-of-life)
xenial_php-dropbox: not-affected (1.0.0-4)
yakkety_php-dropbox: DNE
zesty_php-dropbox: DNE
artful_php-dropbox: DNE
bionic_php-dropbox: DNE
cosmic_php-dropbox: DNE
disco_php-dropbox: DNE
devel_php-dropbox: DNE