ownCloud

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Desktop Client DOWNLOADABLE_EXECUTABLES high critical
Issues affecting the Desktop Client available from https://owncloud.org/install/#install-clients Source: https://github.com/owncloud/client Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
com.owncloud.android GOOGLE_PLAY_APP_ID none low low medium
Our official Android client from https://play.google.com/store/apps/details?id=com.owncloud.android. Source: https://github.com/owncloud/android Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
owncloud.iosapp APPLE_STORE_APP_ID none low low medium
Our official iOS client from https://itunes.apple.com/en/app/owncloud/id543672169 Source: https://github.com/owncloud/ios Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
owncloud/activity SOURCE_CODE high critical
Code from: https://github.com/owncloud/activity Provides an activity feed showing your file changes and other interesting things going on in your ownCloud.
owncloud/contacts SOURCE_CODE none low low medium
Code from: https://github.com/owncloud/contacts This is the new contacts app that has replaced the old contacts app, and is only the frontend for the new server-integrated CardDAV-Backend.
owncloud/core SOURCE_CODE high critical
Code from: https://github.com/owncloud/core This is our core server software, which is "the heart" of owncloud. Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
owncloud/customgroups SOURCE_CODE high critical
Code from: https://github.com/owncloud/customgroups This apps makes it possible for users to create their own custom groups and manage members. It is then possible to share files or folders with these groups.
owncloud/files SOURCE_CODE high critical
Code from: https://github.com/owncloud/files This is the app for owncloud file management.
owncloud/gallery SOURCE_CODE high critical
Code from: https://github.com/owncloud/gallery Media gallery for ownCloud which includes previews for all media types supported by your installation. Provides a dedicated view of all images in a grid, adds image viewing capabilities to the files app and adds a gallery view to public links.
owncloud/guests SOURCE_CODE high critical
Code from: https://github.com/owncloud/guests Create a guest user by typing his name in to the sharing dialog. The guest will receive an email invite with a link to create an account. He only has access to files which are shared with him.
owncloud/notifications SOURCE_CODE high critical
Code from: https://github.com/owncloud/notifications Notification backend and UI for the notification panel/icon. Used for notifications of other apps (announcementcenter, federatedfilesharing etc.)
owncloud/oauth2 SOURCE_CODE high critical
Code from: https://github.com/owncloud/oauth2 Application for using OAuth 2.0 in ownCloud
owncloud/richdocuments SOURCE_CODE high critical
Code from: https://github.com/owncloud/richdocuments Collabora Online for ownCloud provides collaborating editing functions for text documents, spreadsheets and presentations inside ownCloud for improved productivity.
owncloud/tasks SOURCE_CODE none low low medium
Code from: https://github.com/owncloud/tasks Task App for Calender TODOs
owncloud/updater SOURCE_CODE high critical
Code from: https://github.com/owncloud/updater
owncloud/user_ldap SOURCE_CODE high critical
Code from: https://github.com/owncloud/user_ldap This application enables administrators to connect ownCloud to an LDAP-based user directory for authentication and provisioning users, groups and user attributes. Admins can configure this application to connect to one or more LDAP directories or Active Directories via an LDAP interface. Attributes such as user quota, email, avatar pictures, group memberships and more can be pulled into ownCloud from a directory with the appropriate queries and filters.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.owncloud.com URL none
*.owncloud.org URL none