From secunia: Description luks has discovered a vulnerability in ownCloud, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the core/lostpassword/index.php script generating predictable tokens for password resets and can be exploited to change the passwords of arbitrary users. The vulnerability is confirmed in version 3.0.1. Prior versions may also be affected. Solution Update to version 3.0.2.
Last vulnerable version (3.0.0) removed from tree, only 3.0.2 is left now
thanks, fixed