Instruction: Issues affecting the Desktop Client available from https://owncloud.org/install/#install-clients
Source: https://github.com/owncloud/client
Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
Integrity requirements:
Max severity: critical
Asset identifier: com.owncloud.android
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official Android client from https://play.google.com/store/apps/details?id=com.owncloud.android.
Source: https://github.com/owncloud/android
Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
Instruction: Code from: https://github.com/owncloud/ocis
This is next generation server software, which is "the new heart" of owncloud.
Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud.iosapp
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official iOS client from https://apps.apple.com/us/app/owncloud-file-sync-and-share/id1359583808
Source: https://github.com/owncloud/ios
Note that the ownCloud server itself is considered a trusted endpoint in our threat model and an eligible vulnerability must not rely on a malicious ownCloud instance.
Integrity requirements: low
Max severity: medium
Asset identifier: owncloud/activity
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/activity
Provides an activity feed showing your file changes and other interesting things going on in your ownCloud.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/core
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/core
This is our core server software, which is "the heart" of owncloud.
Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/customgroups
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/customgroups
This apps makes it possible for users to create their own custom groups and manage members. It is then possible to share files or folders with these groups.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/files
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/core/tree/master/apps/files
This is the app for owncloud file management.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/gallery
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/gallery
Media gallery for ownCloud which includes previews for all media types supported by your installation.
Provides a dedicated view of all images in a grid, adds image viewing capabilities to the files app and adds a gallery view to public links.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/guests
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/guests
Create a guest user by typing his name in to the sharing dialog. The guest will receive an email invite with a link to create an account. He only has access to files which are shared with him.
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/notifications
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/notifications
Notification backend and UI for the notification panel/icon. Used for notifications of other apps (announcementcenter, federatedfilesharing etc.)
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/oauth2
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/oauth2
Application for using OAuth 2.0 in ownCloud
Integrity requirements:
Max severity: critical
Asset identifier: owncloud/richdocuments
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from: https://github.com/owncloud/richdocuments
Collabora Online for ownCloud provides collaborating editing functions for text documents, spreadsheets and presentations inside ownCloud for improved productivity.
Instruction: Code from: https://github.com/owncloud/user_ldap
This application enables administrators to connect ownCloud to an LDAP-based user directory for authentication and provisioning users, groups and user attributes. Admins can configure this application to connect to one or more LDAP directories or Active Directories via an LDAP interface. Attributes such as user quota, email, avatar pictures, group memberships and more can be pulled into ownCloud from a directory with the appropriate queries and filters.
