CVE-2020-28646 — Uncontrolled Search Path Element in Desktop Client

CWE-427 — Uncontrolled Search Path Element2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 68.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Desktop Client

Timeline

PublishedFeb 26

Latest updateMay 24

Description

ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDowncloud/owncloud_desktop_client< 2.7

🔴Vulnerability Details

GHSA

GHSA-5f2f-2j4j-7xxw: ownCloud owncloud/client before 2↗2022-05-24

▶