ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-1500

ownCloud Server before 7.0.12 8.0.x before 8.0.10 8.1.x before 8.1.5 and 8.2.x before 8.2.2 when the quotfile_versionsquot application is enabled does not properly check the return value of getOwner which allows remote authenticated users to read the files with names starting with quot.vquot and belonging to a sharing user by leveraging an incoming share.