CVE-2020-36251 ā€” Improper Privilege Management in Owncloud

CWE-269 ā€” Improper Privilege Management3 documents3 sources
Severity
4.3MEDIUMNVD
CNA3.5
EPSS
0.2%
top 56.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud
Timeline
PublishedFeb 19
Latest updateMay 24

Description

ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

ā–¶NVDowncloud/owncloud< 10.3.0

šŸ”“Vulnerability Details

2
GHSA
GHSA-x79p-m9m4-xx9w: ownCloud Server before 10ā†—2022-05-24
ā–¶
CVEList
CVE-2020-36251: ownCloud Server before 10ā†—2021-02-19
ā–¶
CVE-2020-36251 ā€” Improper Privilege Management | cvebase