CVE-2020-36252 — Use of Insufficiently Random Values in Server

CWE-330 — Use of Insufficiently Random Values CWE-668 — Resource Exposure3 documents3 sources

Severity

5.7MEDIUMNVD

CNA6.8

EPSS

0.1%

top 75.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedFeb 19

Latest updateMay 24

Description

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages1 packages

▶NVDowncloud/owncloud_server10.0.9 — 10.3.1

🔴Vulnerability Details

GHSA

GHSA-gc7p-gg9x-38qq: ownCloud Server 10↗2022-05-24

▶

CVEList

CVE-2020-36252: ownCloud Server 10↗2021-02-19

▶