CVE-2020-28645: Improper Input Validation in Owncloud

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.3% (top 51.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 9
Latest update: May 24

Description

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (1 package)

NVD: owncloud/owncloud < 10.6.0

Vulnerability Details (2)

GHSA: GHSA-3f4c-grv3-wwg8: Deleting users with certain names caused system files to be deleted (2022-05-24)
CVEList: CVE-2020-28645: Deleting users with certain names caused system files to be deleted (2021-02-09)